Support Center > Search Results > SecureKnowledge Details
UTM-1 Edge W Embedded NGX 7.0.48x reflected XSS vulnerability (low severity) (CVE-2008-1208)
Symptoms
  • The UTM-1 Edge W Embedded NGX 7.0.48x management interface login page is vulnerable to reflected cross-site scripting when accessed from the internal network over HTTP.

  • Firmware versions 7.5.x are not vulnerable.

  • Safe@Office users who registered their appliance automatically receive the latest firmware updates from the service center and therefore are not vulnerable.

  • Exploitation of this issue requires social engineering:


    The administrator must be enticed to open a specially crafted HTML page and then login to the Firewall web interface.


  • The severity level for this vulnerability is low.

Solution
UTM-1 Edge W Embedded NGX 7.0.48x management interface login page is vulnerable to cross-site scripting. Users should verify that they are updated to the latest firmware version 7.5.48.

Check Point is not aware of any customers impacted by this issue, or of any attempts to exploit this issue.


Credits: Check Point thanks Henri Lindberg of Louhi Networks Oy for bringing this issue to our attention in a forthright and professional manner.


This solution is about products that are no longer supported and it will not be updated
Applies To:
  • Firmware 7.0.48x

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment