IDG News Service - Internet Security System Inc. yesterday issued a warning about critical vulnerabilities in Check Point Software Technologies Ltd.'s Check Point Firewall-1, Check Point VPN-1 Server, and SecuRemote and SecureClient VPN (virtual private network) clients.
The first vulnerability is related to a flaw in the HTTP Security Server application proxy that ships with all versions of Firewall-1. The flaw could allow remote attackers to modify or tamper with the firewall rules and configuration, compromising the security of the network, ISS said in a statement.
A second flaw within the ISKMAP processing for VPN-1 Server, SecuRemote and SecureClient can allow a remote attacker to compromise the security of any VPN-1 server or client running SecuRemote and SecureClient, the company said in a separate advisory.
Check Point no longer supports the versions of VPN-1 and SecureRemote/SecureClient affected by this vulnerability, ISS said. Check Point recommends that affected users upgrade to Firewall-1 NG FP1 or greater, it said.
Check Point couldn't immediately be reached for comment.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
