CVE-2005-4093

Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html
http://secunia.com/advisories/17837	Vendor Advisory
http://secunia.com/advisories/23395	Vendor Advisory
http://securitytracker.com/id?1015326
http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00798.html
http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00799.html
http://www.securityfocus.com/bid/15757
http://www.us.debian.org/security/2006/dsa-1237
http://www.vupen.com/english/advisories/2005/2808	Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html
http://secunia.com/advisories/17837	Vendor Advisory
http://secunia.com/advisories/23395	Vendor Advisory
http://securitytracker.com/id?1015326
http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00798.html
http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00799.html
http://www.securityfocus.com/bid/15757
http://www.us.debian.org/security/2006/dsa-1237
http://www.vupen.com/english/advisories/2005/2808	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:checkpoint:secureclient_ng:::fp1:::::*
	cpe:2.3:a:checkpoint:secureclient_ng:r56:::::::*
	cpe:2.3:a:checkpoint:vpn-1_secureclient:4.0:::::::*
	cpe:2.3:a:checkpoint:vpn-1_secureclient:4.1:::::::*

History

21 Nov 2024, 00:03

Type	Values Removed	Values Added
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html -
References	~~() http://secunia.com/advisories/17837 - Vendor Advisory~~	() http://secunia.com/advisories/17837 - Vendor Advisory
References	~~() http://secunia.com/advisories/23395 - Vendor Advisory~~	() http://secunia.com/advisories/23395 - Vendor Advisory
References	~~() http://securitytracker.com/id?1015326 -~~	() http://securitytracker.com/id?1015326 -
References	~~() http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00798.html -~~	() http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00798.html -
References	~~() http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00799.html -~~	() http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00799.html -
References	~~() http://www.securityfocus.com/bid/15757 -~~	() http://www.securityfocus.com/bid/15757 -
References	~~() http://www.us.debian.org/security/2006/dsa-1237 -~~	() http://www.us.debian.org/security/2006/dsa-1237 -
References	~~() http://www.vupen.com/english/advisories/2005/2808 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2005/2808 - Vendor Advisory

Information

Published : 2005-12-08 11:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-4093

Mitre link : CVE-2005-4093

CVE.ORG link : CVE-2005-4093

JSON object : View

Products Affected

checkpoint

vpn-1_secureclient
secureclient_ng

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2005-4093", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-08T11:03:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17837", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23395", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015326", "source": "cve@mitre.org"}, {"url": "http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00798.html", "source": "cve@mitre.org"}, {"url": "http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00799.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15757", "source": "cve@mitre.org"}, {"url": "http://www.us.debian.org/security/2006/dsa-1237", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2808", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/17837", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23395", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015326", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00798.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00799.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/15757", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us.debian.org/security/2006/dsa-1237", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2005/2808", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:secureclient_ng:*:*:fp1:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CC5C407-EEB0-482A-822B-21F77E74F937"}, {"criteria": "cpe:2.3:a:checkpoint:secureclient_ng:r56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D6083C1-612E-4F2F-BB38-8F88C9B336C7"}, {"criteria": "cpe:2.3:a:checkpoint:vpn-1_secureclient:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE2E569B-4812-48EF-9E44-45D594147258"}, {"criteria": "cpe:2.3:a:checkpoint:vpn-1_secureclient:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90007E81-D5F9-4961-9DB1-C64977E74208"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.5 /10