Vulnerability CVE-2011-1827


Published: 2011-10-04   Modified: 2012-02-13

Description:
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Checkpoint -> Connectra ngx 
Checkpoint -> Vpn-1 
Checkpoint -> Vpn-1 firewall-1 vsx 

 References:
https://www.sec-consult.com/en/advisories.html#a68
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410
http://www.vupen.com/english/advisories/2011/1162
http://www.securityfocus.com/bid/47695

Copyright 2024, cxsecurity.com

 

Back to Top