Check Point said it discovered an ASN.1 flaw in its VPN-1 products that left them vulnerable to a buffer overrun error that could be exploited while the system is setting up a secure VPN tunnel.
To exploit a buffer-overrun vulnerability, an attacker can send specially crafted packets of information to the appliance. The packets are designed to cause confusion and create an opportunity for the attacker to take control of the product.
Check Point said the problem "could allow further network compromise," but that it does not know of any companies that have been affected.
According to Check Point, customers are only at risk if Aggressive Mode IKE is implemented and they use remote access VPNs, gateway-to-gateway VPNs and older product versions. The VPN-1/FireWall-1 R55 HFA-08, R54 HFA-412, and VPN-1 SecuRemote/SecureClient R56 HF1 are not at risk.
Check Point recommends that customers with a valid subscription download and run the relevant fix as soon as possible. Customers that have allowed their service contracts to expire can still obtain the update by contacting Check Point's technical support team.