threat
engine
.sh
Back
·
··:··
Home
/
Product
/
checkpoint firewall 1
Product
checkpoint firewall 1
90 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-24911
all versions
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a
5.3
MEDIUM
CVE-2024-24914
all versions
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitiga
8.0
HIGH
CVE-2023-28134
all versions
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An at
7.8
HIGH
CVE-2023-28133
all versions
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
7.8
HIGH
CVE-2022-41604
< 15.8.211.19229
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of wea
8.8
HIGH
CVE-2022-23744
all versions
Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint pr
2.3
LOW
CVE-2022-23742
< e86.40
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory wi
7.8
HIGH
CVE-2021-30361
all versions
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inj
6.7
MEDIUM
CVE-2022-23743
< 15.8.211.192119
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In add
7.8
HIGH
CVE-2021-30360
< e86.20
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the re
7.8
HIGH
CVE-2020-6021
< e84.20
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the install
7.8
HIGH
CVE-2020-6015
all versions
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will
5.5
MEDIUM
CVE-2020-6014
< e83.20
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries
6.5
MEDIUM
CVE-2020-6023
< 15.8.139.18543
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Rans
7.8
HIGH
CVE-2020-6022
< 15.8.139.18543
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-R
5.5
MEDIUM
CVE-2019-8462
all versions
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a
7.5
HIGH
CVE-2019-8461
< e81.30
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on
7.8
HIGH
CVE-2019-8454
< e80.96
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96
7.0
HIGH
CVE-2019-8452
< e80.96
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Wind
7.8
HIGH
CVE-2019-8455
<= 15.4.062
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission ch
7.1
HIGH
CVE-2019-8453
<= 15.4.062
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions.
5.5
MEDIUM
CVE-2018-8790
<= 15.3.064.17729
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute
7.8
HIGH
CVE-2014-8952
all versions
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when
CVE-2014-8951
all versions
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Applica
CVE-2014-8950
all versions
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness bla
CVE-2014-7169
< r77.30
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environme
9.8
CRITICAL
CVE-2014-6271
< r77.30
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows re
9.8
CRITICAL
CVE-2013-7350
all versions
Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20
CVE-2014-1672
all versions
Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modifi
CVE-2013-7311
all versions
The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of du
CVE-2013-5636
all versions
Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures w
CVE-2013-5635
all versions
Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password fai
CVE-2012-2753
all versions
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and
CVE-2011-1827
all versions
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand,
CVE-2008-7025
all versions
TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (
CVE-2008-7009
all versions
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute
CVE-2008-5994
all versions
Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject ar
CVE-2008-5849
all versions
Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover i
CVE-2008-1397
all versions
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial
CVE-2007-4216
<= 7.0.337.0
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Inter
CVE-2007-2730
<= 6.1.744.001
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft W
CVE-2007-2174
<= 5.0.63.0
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows l
CVE-2007-0471
<= r62
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Securi
CVE-2006-3885
all versions
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via
CVE-2006-0255
all versions
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a mali
CVE-2005-2932
<= 7.0.337.0
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use
CVE-2005-3673
all versions
The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of se
CVE-2005-2889
all versions
Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attacke
CVE-2004-2679
all versions
Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Inter
CVE-2004-0112
all versions
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the
CVE-2004-0081
all versions
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of ser
CVE-2004-0079
all versions
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of
7.5
HIGH
CVE-2004-0699
all versions
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allow
CVE-2004-0469
all versions
Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03,
CVE-2004-0040
all versions
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.
CVE-2004-0039
all versions
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54
CVE-2003-0757
all versions
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certai
CVE-2002-2405
all versions
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers
CVE-2002-0428
all versions
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to
CVE-2001-1171
all versions
Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Polic
CVE-2001-1499
all versions
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary dep
CVE-2001-1431
all versions
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack
CVE-2001-0940
all versions
Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attacke
CVE-2001-1102
all versions
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on tempor
CVE-2001-1101
all versions
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.l
CVE-2000-1201
all versions
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
CVE-2001-1303
all versions
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration infor
CVE-2001-1176
all versions
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute ar
CVE-2001-1158
all versions
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass int
CVE-2001-0182
all versions
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed
CVE-2001-0082
all versions
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fr
CVE-2000-1037
all versions
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid pass
CVE-2000-1032
all versions
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid user
CVE-2000-0813
all versions
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") v
CVE-2000-0809
all versions
Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1
CVE-2000-0808
all versions
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier a
CVE-2000-0807
all versions
The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers t
CVE-2000-0806
all versions
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to con
CVE-2000-0805
all versions
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a vali
CVE-2000-0804
all versions
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connect
CVE-2000-0779
all versions
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RS
CVE-2000-0582
all versions
Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (s
CVE-2000-0482
all versions
Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP p
CVE-2000-0181
all versions
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real
CVE-2000-0150
all versions
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious
CVE-2000-0116
all versions
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by in
CVE-1999-0895
all versions
Firewall-1 does not properly restrict access to LDAP attributes.
CVE-1999-0675
all versions
Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
CVE-1999-0770
all versions
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a
CVE-1999-1204
all versions
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, whic
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin