Description
A logic flow weakness in Remote Access and Mobile Access certificate validation in the deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: Low
- Availability: None
Affected products
- checkpoint / Quantum Security Gateway: R82.10 with Jumbo Hotfix Take 19 or below
- checkpoint / Quantum Security Gateway: R82 with Jumbo Hotfix Take 103 or below
- checkpoint / Quantum Security Gateway: R81.20 with Jumbo Hotfix Take 141 or below
- checkpoint / Quantum Security Gateway: R81.10, R81, and R80.40
- checkpoint / Spark Firewalls: R80.20.X, R81.10.X, and R82.00.X
Exploits & PoCs
- nuclei: Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass (by watchTowr, DhiyaneshDk)