VPN-1 UTM Edge cross-site request forgery vulnerability (CVE-2007-3489)
This issue is relevant to all versions of VPN-1 UTM Edge X Embedded.
Build 7.0.45 and above of VPN-1 Edge X Embedded NGX fixes this issue.
Obtaining Fixed Software
To protect end-users from this vulnerability, Check Point recommends that customers upgrade to one of the following versions:
- Do not visit other web sites while using the management interface.
- After administrating the device, clear cookies and close the browser window.
Check Point thanks Henri Lindberg and Jussi Vuokko of Louhi Networks Oy for bringing this issue to our attention in a forthright and professional manner.
Check Point also thanks Calyptix Security
for reporting this issue.
This solution is about products that are no longer supported and it will not be updated