CVE-2001-1101 — Checkpoint Firewall-1 vulnerability

3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

0.6%

top 29.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Firewall-1

Timeline

PublishedSep 8

Latest updateApr 30

Description

The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDcheckpoint/firewall-13.0, 4.0, 4.1+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-v2xx-6ch2-qjrp: The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3↗2022-04-30

▶

CVEList

CVE-2001-1101: The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3↗2002-03-15

▶