ISS warns of holes in Check Point firewall, VPN server

Users of Check Point Software Technologies Ltd. firewalls need to upgrade them right away in order to shut down a vulnerability that can lead to the firewalls being taken over by attackers.

A second vulnerability to Check Point’s VPN-1 can leave it similarly vulnerable, according to Internet Security Systems Inc., which discovered the vulnerabilities and says it has actually exploited them in the ISS X-Force labs.

Because Check Point firewalls by some counts represent more than half of the firewalls in corporate networks, ISS regards the threat as critical and says it calls for immediate fixes.

Updates necessary to correct the firewall vulnerability are available. As of this morning, the company had not posted a fix for the vulnerability ISS says it found in Check Point’s VPN-1 server as well as VPN-1 client software. But ISS says the problem can be corrected by upgrading to Check Point VPN-1 Next Generation software with Service Pack 1 or newer.

The firewall vulnerability is to its application proxy for HTTP called HTTP Security Server. Check Point’s advisory says the vulnerability can cause the server to crash and allow further exploitation. The company says this can happen “in theory only,” but ISS says it has actually taken over such firewalls in its lab via the vulnerability. “It’s not theoretical,” says Dan Ingevaldson, director of X-Force research and development.

The first flaw that was found in Firewall-1 Version 4.1 and newer, can give the attacker super user or root access to the server, according to Ingevaldson.

In regards to the second vulnerability found in Check Point VPN-1 Server and two versions of the associated client software called SecureRemote and Secure Client, Ingevaldson says, “It can cause a complete compromise of the network and all information going in and out.”

The flaw in the client means remote PCs connecting to corporate networks could be commandeered by attackers seeing connections to vulnerable machines by randomly pinging.

Check Point’s VPN-1/Firewall-1 products are often packaged and deployed together, and exploiting either of the vulnerabilities can compromise the server running them, according to Ingevaldson.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now