CNET también está disponible en español.

Ir a español

Don't show this again


Check Point plugs VPN security hole

Flaw in some Check Point VPN and firewall products could let hackers into networks.

Security appliance specialist Check Point Software issued a patch on Wednesday to fix vulnerabilities that could let hackers take control of certain VPN and firewall appliances and gain network access.

Check Point said it discovered an ASN.1 flaw in its VPN-1 products that left them vulnerable to a buffer overrun error that could be exploited while the system is setting up a secure VPN tunnel.

To exploit a buffer-overrun vulnerability, an attacker can send specially crafted packets of information to the appliance. The packets are designed to cause confusion and create an opportunity for the attacker to take control of the product.

Check Point said the problem "could allow further network compromise," but that it does not know of any companies that have been affected.

According to Check Point, customers are only at risk if Aggressive Mode IKE is implemented and they use remote access VPNs, gateway-to-gateway VPNs and older product versions. The VPN-1/FireWall-1 R55 HFA-08, R54 HFA-412, and VPN-1 SecuRemote/SecureClient R56 HF1 are not at risk.

Check Point recommends that customers with a valid subscription download and run the relevant fix as soon as possible. Customers that have allowed their service contracts to expire can still obtain the update by contacting Check Point's technical support team.