CVE-2008-0662
7.8
CVSS Score
High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Link copied!
Description
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.
CVSS Vector Details
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Software Configurations
- a checkpoint vpn-1_secureclient ngai_r56 * * * * * * *
- a checkpoint vpn-1_secureclient ngx_r60 * * * * * * *
Weaknesses (CWE)
- CWE-732
References & External Links
- http://digihax.com/
- http://secunia.com/advisories/28820
- http://securityreason.com/securityalert/3627
- http://www.securityfocus.com/archive/1/487735/100/0/threaded
- http://www.securityfocus.com/bid/27675
- http://www.securitytracker.com/id?1019317
- http://www.vupen.com/english/advisories/2008/0475
- https://usercenter.checkpoint.com/usercenter/portal/user/anon/page/supportCenter.psml
- http://digihax.com/
- http://secunia.com/advisories/28820
- http://securityreason.com/securityalert/3627
- http://www.securityfocus.com/archive/1/487735/100/0/threaded
- http://www.securityfocus.com/bid/27675
- http://www.securitytracker.com/id?1019317
- http://www.vupen.com/english/advisories/2008/0475
- https://usercenter.checkpoint.com/usercenter/portal/user/anon/page/supportCenter.psml
External Resources
CVE History Timeline
Feb 08, 2008 18:27
Initial Analysis
Oct 15, 2018 22:02
CVE Modified
Jan 25, 2024 21:31
Modified Analysis
May 14, 2024 01:50
CVE Modified
Nov 21, 2024 00:42
CVE Modified