Check Point VPN-1 UTM Edge 7.0.33 Administrator Account pop/WizU.html cross-site request forgery

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.3 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Check Point VPN-1 UTM Edge 7.0.33 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pop/WizU.html of the component Administrator Account. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2007-3489. Remote exploitation of the attack is possible. No exploit is available.
Details
A vulnerability was found in Check Point VPN-1 UTM Edge 7.0.33 (Network Encryption Software). It has been rated as critical. This issue affects an unknown part of the file pop/WizU.html of the component Administrator Account. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. Using CWE to declare the problem leads to CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
The weakness was published 06/27/2007 (Website). The advisory is shared at secunia.com. The identification of this vulnerability is CVE-2007-3489 since 06/29/2007. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available.
It is declared as proof-of-concept. By approaching the search of inurl:pop/WizU.html it is possible to find vulnerable targets with Google Hacking.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at OSVDB (37645†) and Secunia (SA25853†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.checkpoint.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.8VulDB Meta Temp Score: 8.3
VulDB Base Score: 8.8
VulDB Temp Score: 8.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross-site request forgeryCWE: CWE-352 / CWE-862 / CWE-863
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
06/27/2007 🔍06/27/2007 🔍
06/27/2007 🔍
06/29/2007 🔍
06/29/2007 🔍
03/15/2015 🔍
07/20/2021 🔍
Sources
Vendor: checkpoint.comAdvisory: secunia.com⛔
Status: Not defined
CVE: CVE-2007-3489 (🔍)
GCVE (CVE): GCVE-0-2007-3489
GCVE (VulDB): GCVE-100-37565
X-Force: 35103
Secunia: 25853 - Check Point VPN-1 UTM Edge Cross-Site Request Forgery Vulnerability, Less Critical
OSVDB: 37645 - Check Point VPN-1 Edge pop/WizU.html CSRF
Vupen: ADV-2007-2363
Entry
Created: 03/15/2015 15:58Updated: 07/20/2021 15:40
Changes: 03/15/2015 15:58 (52), 09/15/2017 20:34 (4), 07/20/2021 15:40 (3)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.