J-Security Center

Title: Check Point Firewall-1 SecureRemote Network Information Leak Vulnerability

Severity: HIGH

Description:

SecureRemote is the proprietary VPN infrastructure designed by Check Point Software, and included with some versions of Firewall-1.

A flaw in the firewall's implementation of SecureRemote may allow a remote user to obtain privileged information. This information can be used to map network resources and could allow an attacker to launch an organized attack against sensitive systems. The flaw lies in how the firewall negotiates SecureRemote sessions.

Under normal operating conditions, a firewall with SecureRemote functionality enabled listens for connection requests. Upon receiving a request, the firewall negotiates the protocol and session with the client. During the negotiation process, the firewall sends the client a map of internal network resources, detailing the design of the internal network.

The point at which the internal network information is sent depends on the age of the implementation. Older versions of the Check Point Firewall-1 package send this information to SecureRemote clients before they authenticate to the firewall. As a result, a remote user who has not been challenged for authorization can obtain network layout information, which constitutes an information-gathering attack and could lead to an organized attack on network resources.
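
The ordering flaw described above, modelled as an added example that is not Check Point's protocol or code: a toy session handler that either answers topology requests before authentication (the older behaviour) or gates them on an authenticated state. The message names, the `GatewaySession` class, the `topology_before_auth` switch and the sample networks and credentials are all hypothetical and constructed for illustration.

```python
import hmac
from enum import Enum, auto

# Constructed sample data: not a real topology or credential store.
TOPOLOGY = {"10.1.0.0/16": "internal-lan", "10.2.5.0/24": "dmz"}
USERS = {"alice": "correct horse"}

class State(Enum):
    CONNECTED = auto()
    AUTHENTICATED = auto()

class GatewaySession:
    """Toy model of one client negotiation with the gateway (hypothetical)."""

    def __init__(self, topology_before_auth: bool):
        # True models the older behaviour described above; False the corrected order.
        self.topology_before_auth = topology_before_auth
        self.state = State.CONNECTED

    def handle(self, msg: dict) -> dict:
        kind = msg.get("type")
        if kind == "AUTH":
            expected = USERS.get(msg.get("user", ""), "")
            supplied = msg.get("secret", "")
            # Constant-time comparison; unknown users fail the same way as bad secrets.
            ok = bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())
            if ok:
                self.state = State.AUTHENTICATED
            return {"type": "AUTH_OK" if ok else "AUTH_FAIL"}
        if kind == "TOPOLOGY_REQUEST":
            if self.state is State.AUTHENTICATED or self.topology_before_auth:
                return {"type": "TOPOLOGY", "networks": dict(TOPOLOGY)}
            # Fail closed: the reply reveals nothing about the internal layout.
            return {"type": "ERROR", "reason": "authentication required"}
        return {"type": "ERROR", "reason": "unknown message"}

def leaks_topology_pre_auth(session: GatewaySession) -> bool:
    """Regression check: does an unauthenticated request expose any network?"""
    reply = session.handle({"type": "TOPOLOGY_REQUEST"})
    return reply["type"] == "TOPOLOGY" and bool(reply.get("networks"))
```

A check like `leaks_topology_pre_auth` belongs in a regression suite so that a later change to the negotiation order cannot silently reintroduce pre-authentication disclosure.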

Affected Products:

  • Check Point Software Firewall-1 4.0.0
  • Check Point Software Firewall-1 4.1.0
  • Check Point Software Firewall-1 4.1.0 SP1
  • Check Point Software Firewall-1 4.1.0 SP2
  • Check Point Software Firewall-1 4.1.0 SP3
  • Check Point Software Firewall-1 4.1.0 SP4
