VPN-1 UTM Edge cross-site request forgery vulnerability (CVE-2007-3489)
Symptoms
  • The VPN-1 UTM Edge X Embedded NGX 7.0.33x management interface is vulnerable to cross-site request forgery.
  • Successful attacks require the following:
    1. The user is logged in to the local web configuration interface with administrator privileges.
    2. The web browser remains open.
    3. The user clicks a malicious link that submits a request to the configuration web interface.
  • The severity level for this vulnerability is low, because it requires user cooperation.
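
The three conditions above come down to the browser attaching the administrator's session cookie to a request that another site triggered. The following added example (not Check Point code, and not a description of how build 7.0.45 fixes the issue) sketches a server-side check that rejects such requests; the cookie name `session`, the form field `csrf_token`, the `setting` parameter, the address and the request layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change configuration

def csrf_token(session_id: str, key: bytes) -> str:
    """Per-session token the interface embeds in its own forms."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(value: str, host: str) -> bool:
    """True only if an Origin/Referer value points at the interface itself."""
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and parts.netloc.lower() == host.lower()

def allow_request(req: dict, sessions: set, key: bytes, host: str):
    """Return (allowed, reason) for one request to the management interface."""
    sid = req.get("cookies", {}).get("session")
    if sid not in sessions:
        return False, "no valid admin session"
    if req["method"] in SAFE_METHODS:
        return True, "read-only request"
    headers = req.get("headers", {})
    source = headers.get("origin") or headers.get("referer")
    if source and not same_origin(source, host):
        return False, "cross-site origin"
    sent = req.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), csrf_token(sid, key).encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"

def demo():
    """Run constructed requests through the check; all values are made up."""
    key, host, sid = secrets.token_bytes(32), "192.168.10.1", "constructed-session-id"
    base = {"method": "POST", "cookies": {"session": sid}}
    cases = {
        # Cookie attached automatically by the browser; page came from another site.
        "forged": {**base, "headers": {"origin": "http://other-site.example"},
                   "form": {"setting": "changed"}},
        # Same request with Origin/Referer absent: the token check still fails.
        "forged_no_origin": {**base, "headers": {}, "form": {"setting": "changed"}},
        # Form served by the interface itself carries the session-bound token.
        "legitimate": {**base, "headers": {"origin": "https://192.168.10.1"},
                       "form": {"setting": "changed", "csrf_token": csrf_token(sid, key)}},
    }
    return {name: allow_request(r, {sid}, key, host) for name, r in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

A valid session cookie alone is not enough in this sketch: the request must also originate from the interface and carry the token, which a page on another site cannot read.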
Solution

This issue is relevant to all versions of VPN-1 UTM Edge X Embedded.

Build 7.0.45 and above of VPN-1 Edge X Embedded NGX fixes this issue.

Obtaining Fixed Software

To protect end-users from this vulnerability, Check Point recommends that customers upgrade to one of the following versions:

Workaround

  • Do not visit other web sites while using the management interface.
  • After administering the device, clear cookies and close the browser window.

Credits

Check Point thanks Henri Lindberg and Jussi Vuokko of Louhi Networks Oy for bringing this issue to our attention in a forthright and professional manner.

Check Point also thanks Calyptix Security for reporting this issue.

This solution is about products that are no longer supported and it will not be updated.
