CVE-2002-1623 — Checkpoint Vpn-1 Firewall-1 vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

72.5%

top 1.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Vpn-1 Firewall-1

Timeline

PublishedDec 31

Latest updateApr 30

Description

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcheckpoint/vpn-1_firewall-14.0, 4.1+1

🔴Vulnerability Details

GHSA

GHSA-ccfp-7gpg-fg7v: The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or res↗2022-04-30

▶

CVEList

CVE-2002-1623: The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or res↗2005-03-26

▶