ID CVE-2007-3489
Summary Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
References
Vulnerable Configurations
  • cpe:2.3:h:checkpoint:vpn-1_utm_edge:7.0.33:*:utm_edge:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:50)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20070627 CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability
misc http://www.louhi.fi/advisory/checkpoint_070626.txt
osvdb 37645
secunia 25853
sreason 2848
vupen ADV-2007-2363
xf checkpoint-vpn1edge-unspecified-csrf(35103)
Last major update 16-10-2018 - 16:50
Published 29-06-2007 - 18:30
Last modified 16-10-2018 - 16:50