Vigil@nce - Check Point UTM-1: vulnerabilities of UTM-1
November 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of the WebUI interface
of UTM-1 Edge and Safe@Office.
Severity: 2/4
Creation date: 17/10/2011
IMPACTED PRODUCTS
– Check Point UTM-1 Appliance
DESCRIPTION OF THE VULNERABILITY
The WebUI interface of Check Point UTM-1 Edge and Safe@Office are
used to administer the appliance.
Several vulnerabilities were announced in WebUI :
– Cross Site Scripting
– Cross Site Request Forgery
– information disclosure
– web redirection
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Check-Point-UTM-1-vulnerabilities-of-UTM-1-11064