Description
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected products
- checkpoint / Quantum Security GatewayR82.10 with Jumbo Hotfix Take 19 or below – R82.10 with Jumbo Hotfix Take 19 or below
- checkpoint / Quantum Security GatewayR82 with Jumbo Hotfix Take 103 or below – R82 with Jumbo Hotfix Take 103 or below
- checkpoint / Quantum Security GatewayR81.20 with Jumbo Hotfix Take 141 or below – R81.20 with Jumbo Hotfix Take 141 or below
- checkpoint / Quantum Security GatewayR81.10, R81, and R80.40 – R81.10, R81, and R80.40
- checkpoint / Spark FirewallsR80.20.X, R81.10.X, and R82.00.X – R80.20.X, R81.10.X, and R82.00.X