{"vuid":"VU#310295","idnumber":"310295","name":"Check Point RDP Bypass Vulnerability","keywords":["checkpoint","firewall","firewall-1","rdp"],"overview":"Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259.","clean_desc":"Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic, any content can be passed to port 259 on any host on either side of the device.","impact":"An attacker who exploits this vulnerability can build a tunnel to bypass the firewall and pass traffic to and from arbitrary hosts on either side of the firewall on port 259.","resolution":"Apply patch from vendor.","workarounds":"","sysaffected":"","thanks":"The vulnerability was discovered by Jochen Bauer <jtb@inside-security.de> and Boris Wesslowski <bw@inside-security.de> of Inside Security GmbH Stuttgart, Germany.","author":"This document was written by Ian A. Finlay.","public":["http://www.securityfocus.com/bid/2952","http://www.inside-security.de/advisories/fw1_rdp.html","http://www.checkpoint.com/techsupport/alerts/"],"cveids":["CVE-2001-1158"],"certadvisory":"CA-2001-17","uscerttechnicalalert":null,"datecreated":"2001-06-12T02:27:27Z","publicdate":"2001-07-09T00:00:00Z","datefirstpublished":"2001-07-09T14:57:15Z","dateupdated":"2003-04-09T19:26:30Z","revision":59,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"18","cam_population":"18","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"51.3","cam_scorecurrentwidelyknown":"102.6","cam_scorecurrentwidelyknownexploited":"156.6","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":51.3,"vulnote":null}