Vulnerability Details : CVE-2014-8951
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page.
Vulnerability category: Denial of service
Products affected by CVE-2014-8951
- cpe:2.3:a:checkpoint:security_gateway:r77:*:*:*:*:*:*:*
- cpe:2.3:a:checkpoint:security_gateway:r77.10:*:*:*:*:*:*:*
- cpe:2.3:a:checkpoint:security_gateway:r75:*:*:*:*:*:*:*
- cpe:2.3:a:checkpoint:security_gateway:r76:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8951
0.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8951
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST |
References for CVE-2014-8951
-
http://www.securityfocus.com/bid/67993
Check Point Security Gateway Multiple Denial of Service Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/98761
Check Point Security Gateway UserCheck denial of service CVE-2014-8951 Vulnerability Report
-
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100505
Random traffic outages when UserCheck is enabled on Security Gateway (CVE-2014-8951)Vendor Advisory
Jump to