Multiple vulnerabilities in Web GUI of UTM-1 Edge, Safe@Office and ZoneAlarm appliances
- Multiple vulnerabilities were detected in Web GUI on UTM-1 Edge, Safe@Office and ZoneAlarm appliances.
- Vulnerabilities are of the following nature: XSS, CSRF, information disclosure and offsite redirection.
- Vulnerable firmware versions are 6.x, 7.x and 8.x.
This problem was fixed. The fix is included in:
- Firmware 8.2.44 (and above)
Check Point recommends always upgrading to the most recent version.
Check Point thanks Richard Brain of ProCheckUp for responsible disclosure of this issue.
This solution has been verified for the specific scenario described by the combination of Product, Version and Symptoms. It may not work in other scenarios.