The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
No CVSS v3.0
No CVSS v2
Vendors | Products |
---|---|
Checkpoint |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180271 | Mitigation Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: checkpoint
Published: 2022-11-30T00:00:00
Updated: 2022-12-01T00:00:00
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23746
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-11-30T19:15:10.310
Modified: 2022-12-06T15:49:50.240
Link: CVE-2022-23746
JSON object: View
Redhat Information
No data.
CWE