var-200803-0443
Vulnerability from variot
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access. The issue occurs because the application fails to adequately handle IP address collisions. Attackers can exploit this issue to break site-to-site VPN connectivity between a VPN-1 gateway and a third party, denying access to legitimate users. If SecuRemote back-connections are enabled, the attacker can leverage this issue to re-route site-to-site VPN traffic from the VPN gateway to their SecuRemote client. Under certain conditions, this will cause data that was destined for the third party to be sent to the attacker's client instead. This could contain sensitive information that would aid in further attacks. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: CheckPoint VPN-1 IP Address Collision Security Issue
SECUNIA ADVISORY ID: SA29394
VERIFY ADVISORY: http://secunia.com/advisories/29394/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information, DoS
WHERE:
From local network
SOFTWARE: Check Point VPN-1/FireWall-1 NG with Application Intelligence (AI) http://secunia.com/product/2542/ Check Point VPN-1 UTM NGX http://secunia.com/product/13346/ Check Point VPN-1 Power NGX http://secunia.com/product/13348/
DESCRIPTION: Robert Mitchell has reported a security issue in CheckPoint VPN-1, which can lead to a DoS (Denial of Service) or disclosure of sensitive information.
SOLUTION: The vendor has issued hotfixes to resolve the issue (see vendor advisory for details).
PROVIDED AND/OR DISCOVERED BY: Robert Mitchell
ORIGINAL ADVISORY: CheckPoint: https://secureknowledge.checkpoint.com/SecureKnowledge/login.do?OriginalAction=solution&id=sk34579 http://updates.checkpoint.com/fileserver/ID/8141/FILE/VPN-1_NGX_R65_HFA02_Supplement3.pdf
Robert Mitchell: http://puresecurity.com.au/index.php?action=fullnews&id=5
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0443",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r60"
},
{
"model": "vpn-1 power utm with ngx",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "r65"
},
{
"model": "check point vpn-1 pro",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r62_ga"
},
{
"model": "vpn-1 firewall-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ng_ai_r55"
},
{
"model": "vpn-1 power utm",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r65_with_messaging_security"
},
{
"model": "check point vpn-1 pro",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "ngx_r61"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng ai r55"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ngx r60"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ngx r61"
},
{
"model": "vpn-1 power/utm",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ngx r62"
},
{
"model": "point software vpn-1 power/utm ngx r65",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm ngx r62",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm ngx r61",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 power/utm ngx r60",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#992585"
},
{
"db": "BID",
"id": "28299"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
},
{
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:checkpoint:vpn-1_power_utm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Mitchell",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2008-1397",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-31522",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1397",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#992585",
"trust": 0.8,
"value": "2.36"
},
{
"author": "NVD",
"id": "CVE-2008-1397",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-328",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31522",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#992585"
},
{
"db": "VULHUB",
"id": "VHN-31522"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
},
{
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel\u0027s endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access. The issue occurs because the application fails to adequately handle IP address collisions. \nAttackers can exploit this issue to break site-to-site VPN connectivity between a VPN-1 gateway and a third party, denying access to legitimate users. If SecuRemote back-connections are enabled, the attacker can leverage this issue to re-route site-to-site VPN traffic from the VPN gateway to their SecuRemote client. Under certain conditions, this will cause data that was destined for the third party to be sent to the attacker\u0027s client instead. This could contain sensitive information that would aid in further attacks. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nCheckPoint VPN-1 IP Address Collision Security Issue\n\nSECUNIA ADVISORY ID:\nSA29394\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29394/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nExposure of sensitive information, DoS\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCheck Point VPN-1/FireWall-1 NG with Application Intelligence (AI)\nhttp://secunia.com/product/2542/\nCheck Point VPN-1 UTM NGX\nhttp://secunia.com/product/13346/\nCheck Point VPN-1 Power NGX\nhttp://secunia.com/product/13348/\n\nDESCRIPTION:\nRobert Mitchell has reported a security issue in CheckPoint VPN-1,\nwhich can lead to a DoS (Denial of Service) or disclosure of\nsensitive information. \n\nSOLUTION:\nThe vendor has issued hotfixes to resolve the issue (see vendor\nadvisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nRobert Mitchell\n\nORIGINAL ADVISORY:\nCheckPoint:\nhttps://secureknowledge.checkpoint.com/SecureKnowledge/login.do?OriginalAction=solution\u0026id=sk34579\nhttp://updates.checkpoint.com/fileserver/ID/8141/FILE/VPN-1_NGX_R65_HFA02_Supplement3.pdf\n\nRobert Mitchell:\nhttp://puresecurity.com.au/index.php?action=fullnews\u0026id=5\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1397"
},
{
"db": "CERT/CC",
"id": "VU#992585"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"db": "BID",
"id": "28299"
},
{
"db": "VULHUB",
"id": "VHN-31522"
},
{
"db": "PACKETSTORM",
"id": "64674"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#992585",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2008-1397",
"trust": 2.8
},
{
"db": "BID",
"id": "28299",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "29394",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019666",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2008-0953",
"trust": 1.7
},
{
"db": "XF",
"id": "41260",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-328",
"trust": 0.7
},
{
"db": "XF",
"id": "1",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31522",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64674",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#992585"
},
{
"db": "VULHUB",
"id": "VHN-31522"
},
{
"db": "BID",
"id": "28299"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"db": "PACKETSTORM",
"id": "64674"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
},
{
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"id": "VAR-200803-0443",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31522"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:39:29.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sk34579",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk34579"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31522"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.puresecurity.com.au/files/puresecurity%20vpn-1%20dos_spoofing%20attack%20against%20vpn%20tunnels.pdf"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/992585"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28299"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1019666"
},
{
"trust": 1.7,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29394"
},
{
"trust": 1.7,
"url": "http://puresecurity.com.au/index.php?action=fullnews\u0026id=5"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/41260"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0953/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/29394/"
},
{
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk34579\u0026js_peid=p-114a7ba5fd7-10001\u0026partition=null\u0026product=vpn-1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1397"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/0953"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1397"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0953/references"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com"
},
{
"trust": 0.3,
"url": "http://dl3.checkpoint.com/paid/de/vpn-1_ngx_r65_hfa02_supplement3.pdf?hashkey=1205867583_0be4e5232cabd4c602a2607e2ccc5079\u0026xtn=.pdf"
},
{
"trust": 0.1,
"url": "http://puresecurity.com.au/index.php?action=fullnews\u0026amp;id=5"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13346/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2542/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://secureknowledge.checkpoint.com/secureknowledge/login.do?originalaction=solution\u0026id=sk34579"
},
{
"trust": 0.1,
"url": "http://updates.checkpoint.com/fileserver/id/8141/file/vpn-1_ngx_r65_hfa02_supplement3.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13348/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#992585"
},
{
"db": "VULHUB",
"id": "VHN-31522"
},
{
"db": "BID",
"id": "28299"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"db": "PACKETSTORM",
"id": "64674"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
},
{
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#992585"
},
{
"db": "VULHUB",
"id": "VHN-31522"
},
{
"db": "BID",
"id": "28299"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"db": "PACKETSTORM",
"id": "64674"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
},
{
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-18T00:00:00",
"db": "CERT/CC",
"id": "VU#992585"
},
{
"date": "2008-03-20T00:00:00",
"db": "VULHUB",
"id": "VHN-31522"
},
{
"date": "2008-03-18T00:00:00",
"db": "BID",
"id": "28299"
},
{
"date": "2008-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"date": "2008-03-19T00:35:21",
"db": "PACKETSTORM",
"id": "64674"
},
{
"date": "2008-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-328"
},
{
"date": "2008-03-20T00:44:00",
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-18T00:00:00",
"db": "CERT/CC",
"id": "VU#992585"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-31522"
},
{
"date": "2015-05-07T17:32:00",
"db": "BID",
"id": "28299"
},
{
"date": "2008-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001182"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-328"
},
{
"date": "2024-11-21T00:44:26.923000",
"db": "NVD",
"id": "CVE-2008-1397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point VPN-1 information disclosure vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#992585"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-328"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.