Check Point Software Technologies has patched a vulnerability in its Connectra and VPN-1 Power/UTM products that could enable attackers to bypass the software's end-point security measures.
The flaw affects Check Point's Integrity Clientless Security (ICS) technology, which performs security checks on devices before allowing them to connect. ICS doesn't properly perform this scan, which could allow attackers to log in to the network with an infected machine, according to a Monday post on the Full Disclosure mailing list.
Attackers could watch network traffic and intercept cookie data and then use it to build a specially rigged HTTP POST request with a valid report. When submitted, the request would enable attackers to bypass security restrictions, according to a Symantec Deepsight bulletin issued Thursday.
Israel-based Check Point has released fixes for the Connectra and VPN-1 vulnerabilities.
Symantec's Deepsight threat tracking system assigned the flaw a severity rating of 7.8 on a 10-point scale. The National Vulnerability Database weighed in with a CVSS base score of 7 on a 10-point scale. However, Danish security research firm Secunia downplayed the threat, calling it "less critical," or 2 on a 5-point scale.
