Details of VAR-200110-0139

ID

VAR-200110-0139

CVE

CVE-2001-1431

TITLE

Check Point VPN-1/FireWall-1 4.1 on Nokia IPXXX firewall appliance retransmits original packets

Trust: 0.8

sources: CERT/CC: VU#258731

DESCRIPTION

Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information. A vulnerability in Check Point VPN-1/FireWall-1 running on Nokia IPXXX Appliances can allow an attacker to pass traffic allowed by the security policy through the firewall while retaining the external (untranslated) destination IP address. VPN-1 is prone to a information disclosure vulnerability

Trust: 2.25

sources: NVD: CVE-2001-1431 // CERT/CC: VU#258731 // BID: 89696 // BID: 89635 // VULHUB: VHN-4235

AFFECTED PRODUCTS

vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.1	Trust: 1.6
vendor:	checkpoint	model:	vpn-1	scope:	eq	version:	4.1	Trust: 1.6
vendor:	nokia	model:	firewall appliance	scope:	eq	version:	ipso_3.41	Trust: 1.0
vendor:	nokia	model:	firewall appliance	scope:	eq	version:	ipso_3.3	Trust: 1.0
vendor:	nokia	model:	firewall appliance	scope:	eq	version:	ipso_3.4	Trust: 1.0
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nokia	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nokia	model:	firewall appliance ipso	scope:	eq	version:	3.41	Trust: 0.6
vendor:	nokia	model:	firewall appliance ipso	scope:	eq	version:	3.4	Trust: 0.6
vendor:	nokia	model:	firewall appliance ipso	scope:	eq	version:	3.3	Trust: 0.6
vendor:	check	model:	point software vpn-1 sp4	scope:	eq	version:	4.1	Trust: 0.6
vendor:	check	model:	point software vpn-1 sp3	scope:	eq	version:	4.1	Trust: 0.6
vendor:	check	model:	point software firewall-1 sp5	scope:	eq	version:	4.1	Trust: 0.6
vendor:	check	model:	point software firewall-1 sp4	scope:	eq	version:	4.1	Trust: 0.6
vendor:	check	model:	point software firewall-1 sp3	scope:	eq	version:	4.1	Trust: 0.6

sources: CERT/CC: VU#258731 // BID: 89696 // BID: 89635 // CNNVD: CNNVD-200110-031 // NVD: CVE-2001-1431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1431
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#258731
value:	0.38
Trust: 0.8
CNNVD:	CNNVD-200110-031
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4235
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1431
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4235
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#258731 // VULHUB: VHN-4235 // CNNVD: CNNVD-200110-031 // NVD: CVE-2001-1431

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1431

THREAT TYPE

network

Trust: 0.6

sources: BID: 89696 // BID: 89635

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 89696 // BID: 89635

EXTERNAL IDS

db:	CERT/CC	id:	VU#258731	Trust: 3.1
db:	NVD	id:	CVE-2001-1431	Trust: 2.3
db:	XF	id:	8293	Trust: 1.2
db:	CNNVD	id:	CNNVD-200110-031	Trust: 0.7
db:	BID	id:	89696	Trust: 0.4
db:	BID	id:	89635	Trust: 0.4
db:	VULHUB	id:	VHN-4235	Trust: 0.1

sources: CERT/CC: VU#258731 // VULHUB: VHN-4235 // BID: 89696 // BID: 89635 // CNNVD: CNNVD-200110-031 // NVD: CVE-2001-1431

REFERENCES

url:	http://www.kb.cert.org/vuls/id/258731	Trust: 3.3
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/8293	Trust: 2.1
url:	http://xforce.iss.net/xforce/xfdb/8293	Trust: 1.2
url:	http://www.nokia.com/securitysolutions/platforms/index.html	Trust: 0.8
url:	http://www.checkpoint.com/techsupport/alerts/	Trust: 0.8

sources: CERT/CC: VU#258731 // VULHUB: VHN-4235 // BID: 89696 // BID: 89635 // CNNVD: CNNVD-200110-031 // NVD: CVE-2001-1431

CREDITS

Unknown

Trust: 0.6

sources: BID: 89696 // BID: 89635

SOURCES

db:	CERT/CC	id:	VU#258731
db:	VULHUB	id:	VHN-4235
db:	BID	id:	89696
db:	BID	id:	89635
db:	CNNVD	id:	CNNVD-200110-031
db:	NVD	id:	CVE-2001-1431

LAST UPDATE DATE

2024-11-22T23:00:10.370000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#258731	date:	2001-10-08T00:00:00
db:	VULHUB	id:	VHN-4235	date:	2017-07-11T00:00:00
db:	BID	id:	89696	date:	2001-10-08T00:00:00
db:	BID	id:	89635	date:	2001-10-08T00:00:00
db:	CNNVD	id:	CNNVD-200110-031	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1431	date:	2024-11-20T23:37:40.677

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#258731	date:	2001-10-08T00:00:00
db:	VULHUB	id:	VHN-4235	date:	2001-10-08T00:00:00
db:	BID	id:	89696	date:	2001-10-08T00:00:00
db:	BID	id:	89635	date:	2001-10-08T00:00:00
db:	CNNVD	id:	CNNVD-200110-031	date:	2001-10-08T00:00:00
db:	NVD	id:	CVE-2001-1431	date:	2001-10-08T04:00:00