Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint.
Published 2008-03-20 00:44:00
Updated 2017-08-08 01:30:08
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2008-1397

Probability of exploitation activity in the next 30 days: 0.75%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-1397

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
6.5
MEDIUM AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
NIST

CWE ids for CVE-2008-1397

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1397

Products affected by CVE-2008-1397

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!