Sign-up

ID

VAR-200107-0078


CVE

CVE-2001-1176


TITLE

Check Point Firewall-1 of Management Station Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2001-000110

DESCRIPTION

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. Check Point Firewall-1 Then malicious Management Module The control station is activated when an administrator sends a management packet with malicious content to the target control station. OS A vulnerability exists that destroys the stack at the intended location.Managed Check Point Firewall-1 You may be attacked without depending on the access control status set in. Firewall-1/VPN-1 management station contains a format string vulnerability. The vulnerability is the result of passing client-supplied data to a printf* function as the format string argument. This vulnerability can only be exploited by a client that is authenticated as an administrator and connected from an authorized IP address. Administrators with limited privileges (such as read-only) may be able to exploit this vulnerability to gain control over the management station

Trust: 1.98

sources: NVD: CVE-2001-1176 // JVNDB: JVNDB-2001-000110 // BID: 3021 // VULHUB: VHN-3981

AFFECTED PRODUCTS

vendor:checkpointmodel:provider-1scope:eqversion:4.1

Trust: 1.6

vendor:checkpointmodel:firewall-1scope:eqversion:4.1

Trust: 1.6

vendor:checkpointmodel:vpn-1scope:eqversion:4.1

Trust: 1.6

vendor:check pointmodel:vpn-1/firewall-1scope:eqversion:4.2sp4

Trust: 0.8

vendor:nokiamodel:ipso sp3scope:eqversion:3.3

Trust: 0.3

vendor:nokiamodel:ipso sp2scope:eqversion:3.3

Trust: 0.3

vendor:nokiamodel:ipso sp1scope:eqversion:3.3

Trust: 0.3

vendor:nokiamodel:ipsoscope:eqversion:3.3

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp3scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software vpn-1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software provider-1 sp3scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software provider-1 sp2scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software provider-1 sp1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software provider-1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp3scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp2scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp1scope:eqversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1scope:eqversion:4.1

Trust: 0.3

vendor:nokiamodel:ipso sp4scope:neversion:3.3

Trust: 0.3

vendor:checkmodel:point software vpn-1 sp4scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software provider-1 sp4scope:neversion:4.1

Trust: 0.3

vendor:checkmodel:point software firewall-1 sp4scope:neversion:4.1

Trust: 0.3

sources: BID: 3021 // JVNDB: JVNDB-2001-000110 // CNNVD: CNNVD-200107-078 // NVD: CVE-2001-1176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1176
value: HIGH

Trust: 1.0

NVD: CVE-2001-1176
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200107-078
value: HIGH

Trust: 0.6

VULHUB: VHN-3981
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1176
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-3981
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3981 // JVNDB: JVNDB-2001-000110 // CNNVD: CNNVD-200107-078 // NVD: CVE-2001-1176

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1176

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-078

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200107-078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000110

PATCH
title:2001-07-11-00url:http://www.checkpoint.com/techsupport/alerts/format_strings.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000110

EXTERNAL IDS
db:BIDid:3021
Trust: 2.8
db:NVDid:CVE-2001-1176
Trust: 2.5
db:OSVDBid:1901
Trust: 1.7
db:JVNDBid:JVNDB-2001-000110
Trust: 0.8
db:CNNVDid:CNNVD-200107-078
Trust: 0.7
db:XFid:6849
Trust: 0.6
db:XFid:1
Trust: 0.6
db:BUGTRAQid:20010712 VPN-1/FIREWALL-1 FORMAT STRINGS VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-3981
Trust: 0.1
sources:
            
            
            VULHUB: VHN-3981 // 
            
            
            
            BID: 3021 // 
            
            
            
            JVNDB: JVNDB-2001-000110 // 
            
            
            
            CNNVD: CNNVD-200107-078 // 
            
            
            
            NVD: CVE-2001-1176

REFERENCES
url:http://www.securityfocus.com/bid/3021
Trust: 2.5
url:http://www.checkpoint.com/techsupport/alerts/format_strings.html
Trust: 2.0
url:http://archives.neohapsis.com/archives/bugtraq/2001-07/0209.html
Trust: 1.7
url:http://www.osvdb.org/1901
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6849
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-1176
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-1176
Trust: 0.8
url:http://xforce.iss.net/static/6849.php
Trust: 0.6
url:http://www.checkpoint.com/techsupport/alerts/
Trust: 0.3
url:http://www.checkpoint.com/products/security/firewall-1.html
Trust: 0.3
url:http://www.checkpoint.com/techsupport/downloads/downloads.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-3981 // 
            
            
            
            BID: 3021 // 
            
            
            
            JVNDB: JVNDB-2001-000110 // 
            
            
            
            CNNVD: CNNVD-200107-078 // 
            
            
            
            NVD: CVE-2001-1176

CREDITS
Discovery credited to Halvar Flake of BlackHat Consulting.
Trust: 0.3
sources:
            
            
            BID: 3021

SOURCES
db:VULHUBid:VHN-3981
db:BIDid:3021
db:JVNDBid:JVNDB-2001-000110
db:CNNVDid:CNNVD-200107-078
db:NVDid:CVE-2001-1176

LAST UPDATE DATE
2024-08-14T12:52:39.155000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-3981date:2017-10-10T00:00:00
db:BIDid:3021date:2001-07-11T00:00:00
db:JVNDBid:JVNDB-2001-000110date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200107-078date:2006-01-04T00:00:00
db:NVDid:CVE-2001-1176date:2017-10-10T01:30:01.610

SOURCES RELEASE DATE
db:VULHUBid:VHN-3981date:2001-07-12T00:00:00
db:BIDid:3021date:2001-07-11T00:00:00
db:JVNDBid:JVNDB-2001-000110date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200107-078date:2001-07-12T00:00:00
db:NVDid:CVE-2001-1176date:2001-07-12T04:00:00