Internet Security System (ISS) has warned of critical vulnerabilities in Check Point Software Technologies' Check Point Firewall-1, Check Point VPN-1 Server, SecuRemote and SecureClient VPN (virtual private network) clients.
The first vulnerability is related to a flaw in the HTTP Security Server application proxy shiping with all versions of Firewall-1 which allows remote attackers to modify or tamper with the firewall rules and configuration.
A second flaw within the ISKMAP processing for VPN-1 Server, SecuRemote and SecureClient allows a remote attacker to compromise the security of any VPN-1 server or client running SecuRemote and SecureClient.
Check Point no longer supports the versions of VPN-1 and SecureRemote/SecureClient affected by this vulnerability. Check Point recommended users upgrade to Firewall-1 NG FP1 or greater.
Sumner Lemon writes for IDG News Service