ISS warns of holes in Check Point firewall, VPN server


Internet Security System Inc. (ISS) Wednesday issued a warning of critical vulnerabilities in Check Point Software Technologies Ltd.'s Check Point Firewall-1 and Check Point VPN-1 Server and SecuRemote and SecureClient VPN (virtual private network) clients.

The first vulnerability is related to a flaw in the HTTP Security Server application proxy that ships with all versions of Firewall-1 that can allow remote attackers to modify or tamper with the firewall rules and configuration, allowing them to compromise the security of the network, ISS said in a statement.

A second flaw within the ISKMAP processing for VPN-1 Server, SecuRemote and SecureClient can allow a remote attacker to compromise the security of any VPN-1 server or client running SecuRemote and SecureClient, it said.

Check Point no longer supports the versions of VPN-1 and SecureRemote/SecureClient affected by this vulnerability, ISS said. Check Point recommends that affected users upgrade to Firewall-1 NG FP1 or greater, it said.

Check Point could not immediately be reached for comment.

What’s wrong? The new clean desk test
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies