Description
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- checkpoint / Quantum Security GatewayR82.10 with Jumbo Hotfix Take 6 or below – R82.10 with Jumbo Hotfix Take 6 or below
- checkpoint / Quantum Security GatewayR82 with Jumbo Hotfix Take 91 or below – R82 with Jumbo Hotfix Take 91 or below
- checkpoint / Quantum Security GatewayR81.20 with Jumbo Hotfix Take 127 or below – R81.20 with Jumbo Hotfix Take 127 or below
- checkpoint / Quantum Security GatewayAll releases from R81.10 and below – All releases from R81.10 and below