PureSecurity Security Advisory for Check Point VPN-1

17 March, 2008

17th March 2008 - PureSecurity has discovered a vulnerability in Check Point VPN-1, which allows a SecuRemote User to compromise a site-site VPN.

PureSecurity has discovered a significant vulnerability in Check Point VPN-1. A SecuRemote user can break connectivity for a Site-Site VPN from the same VPN Gateway. If SecuRemote back-connections are enabled and the rulebase allows, the Site-Site tunnel traffic can be re-routed to the SecuRemote client.

A hotfix is available for this issue, contact Check Point for more details.

More details :

PureSecurity Full Advisory

Check Point SecureKnowledge

CERT Advisory

Secunia Advisory


home | about | services | securetrack | puresecured | contact copyright 2003 - 2007 puresecurity pty ltd