Check Point Fixes End-Point Security Flaw

The flaw affects Check Point's Integrity Clientless Security (ICS) technology, which performs security checks on devices before allowing them to connect. ICS doesn't properly perform this scan, which could allow attackers to log in to the network with an infected machine, according to a Monday post on the Full Disclosure mailing list.

Attackers could watch network traffic, intercept cookie data, and then use it to build a specially rigged HTTP POST request with a valid report. When submitted, the request would enable attackers to bypass security restrictions, according to a Symantec DeepSight bulletin issued Thursday.

Israel-based Check Point has released fixes for the Connectra and VPN-1 vulnerabilities.

Symantec's DeepSight threat tracking system assigned the flaw a severity rating of 7.8 on a 10-point scale. The National Vulnerability Database weighed in with a CVSS base score of 7 on a 10-point scale. However, Danish security research firm Secunia downplayed the threat, calling it "less critical," or 2 on a 5-point scale.
