Details of VAR-200107-0054

ID

VAR-200107-0054

CVE

CVE-2001-1158

TITLE

Check Point RDP Bypass Vulnerability

Trust: 0.8

sources: CERT/CC: VU#310295

DESCRIPTION

Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259. It is designed to work on various operating systems, both as a single firewall or as a firewall cluster system. A problem has been discovered with the firewall that allows traversal. It is possible for a remote user to pass packets across the firewall via port 259 by using false RDP headers on UDP packets. This makes it possible for remote users to gain access to restricted information systems

Trust: 1.98

sources: NVD: CVE-2001-1158 // CERT/CC: VU#310295 // BID: 2952 // VULHUB: VHN-3963

AFFECTED PRODUCTS

vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.1	Trust: 1.6
vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.1_build_41439	Trust: 1.6
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	check	model:	point software firewall-1 [ vpn des ]	scope:	eq	version:	+4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 [ vpn des strong ] sp2 build	scope:	eq	version:	++4.141716	Trust: 0.3
vendor:	check	model:	point software firewall-1 [ vpn des strong ] build	scope:	eq	version:	++4.141439	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.1	Trust: 0.3

sources: CERT/CC: VU#310295 // BID: 2952 // CNNVD: CNNVD-200107-062 // NVD: CVE-2001-1158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1158
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#310295
value:	51.30
Trust: 0.8
CNNVD:	CNNVD-200107-062
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3963
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1158
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3963
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#310295 // VULHUB: VHN-3963 // CNNVD: CNNVD-200107-062 // NVD: CVE-2001-1158

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-062

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200107-062

EXTERNAL IDS

db:	BID	id:	2952	Trust: 2.8
db:	CERT/CC	id:	VU#310295	Trust: 2.5
db:	NVD	id:	CVE-2001-1158	Trust: 2.0
db:	OSVDB	id:	1884	Trust: 1.7
db:	CNNVD	id:	CNNVD-200107-062	Trust: 0.7
db:	CERT/CC	id:	CA-2001-17	Trust: 0.6
db:	BUGTRAQ	id:	20010709 CHECK POINT RESPONSE TO RDP BYPASS	Trust: 0.6
db:	BUGTRAQ	id:	20010709 CHECK POINT FIREWALL-1 RDP BYPASS VULNERABILITY	Trust: 0.6
db:	CHECKPOINT	id:	20010712 RDP BYPASS WORKAROUND FOR VPN-1/FIREWALL 4.1 SPX	Trust: 0.6
db:	CIAC	id:	L-109	Trust: 0.6
db:	XF	id:	1	Trust: 0.6
db:	XF	id:	6815	Trust: 0.6
db:	VULHUB	id:	VHN-3963	Trust: 0.1

sources: CERT/CC: VU#310295 // VULHUB: VHN-3963 // BID: 2952 // CNNVD: CNNVD-200107-062 // NVD: CVE-2001-1158

REFERENCES

url:	http://www.securityfocus.com/bid/2952	Trust: 3.1
url:	http://www.checkpoint.com/techsupport/alerts/rdp.html	Trust: 2.0
url:	http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html	Trust: 1.7
url:	http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1	Trust: 1.7
url:	http://www.cert.org/advisories/ca-2001-17.html	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/310295	Trust: 1.7
url:	http://ciac.llnl.gov/ciac/bulletins/l-109.shtml	Trust: 1.7
url:	http://www.osvdb.org/1884	Trust: 1.7
url:	http://www.checkpoint.com/techsupport/alerts/	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6815	Trust: 1.1
url:	http://www.inside-security.de/advisories/fw1_rdp.html	Trust: 0.8
url:	http://xforce.iss.net/static/6815.php	Trust: 0.6
url:	http://www.checkpoint.com/techsupport/downloads/downloads.html	Trust: 0.3

sources: CERT/CC: VU#310295 // VULHUB: VHN-3963 // BID: 2952 // CNNVD: CNNVD-200107-062 // NVD: CVE-2001-1158

CREDITS

This vulnerability was originally discovered by Jochen Thomas Bauer <jtb@inside-security.de> and Wesslowski <bw@inside-security.de>.

Trust: 0.9

sources: BID: 2952 // CNNVD: CNNVD-200107-062

SOURCES

db:	CERT/CC	id:	VU#310295
db:	VULHUB	id:	VHN-3963
db:	BID	id:	2952
db:	CNNVD	id:	CNNVD-200107-062
db:	NVD	id:	CVE-2001-1158

LAST UPDATE DATE

2024-08-14T12:51:43.643000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#310295	date:	2003-04-09T00:00:00
db:	VULHUB	id:	VHN-3963	date:	2017-10-10T00:00:00
db:	BID	id:	2952	date:	2019-01-31T06:00:00
db:	CNNVD	id:	CNNVD-200107-062	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2001-1158	date:	2017-10-10T01:30:01.250

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#310295	date:	2001-07-09T00:00:00
db:	VULHUB	id:	VHN-3963	date:	2001-07-09T00:00:00
db:	BID	id:	2952	date:	2001-06-28T00:00:00
db:	CNNVD	id:	CNNVD-200107-062	date:	2001-07-09T00:00:00
db:	NVD	id:	CVE-2001-1158	date:	2001-07-09T04:00:00