Check Point dismisses firewall vulnerability research

Check Point has dismissed claims of flaws in its firewalls.

Research from penetration testers ProCheckUp found a number of vulnerabilities in the market leading Check Point firewall device which it claimed could be used to carry out attacks on end-users.

ProCheckUp said that it created a proof of concept which demonstrated that when combining vulnerabilities, they can could completely subvert the protective nature of the firewall so that the firewall could be used to carry out attacks on any internal network or wireless end-users.

It said: "Although cross-site scripting, cross-site request forgery, offsite redirection and information disclosure vulnerabilities are well exercised, it should be stressed that these have been found on a security appliance which may affect a large number of organisations, as these devices are commonly used." It advised Check Point customers to upgrade to firmware version 8.2.44.

In response, Check Point said that it released firmware version 8.2.45 in October 2011 to fixes these vulnerabilities and said that to exploit these vulnerabilities (if they are unpatched), an attacker has to trick the firewall administrator to visit a malicious site while they are logged into the firewall WebUI.

"Check Point thanks technical director Richard Brain and ProCheckUp for the responsible disclosure of these issues," it said.

In response, Brain said: "There is a session management issue - so if the firewall administrator does not explicitly log off, the session remains active for a number of hours, making XSRF attacks more viable.

"The core point of the local access issue; is that normally with appliances you have to perform a factory reset to defaults if you lose the password. With the exploit you can access the admin password without needing a factory reset. Finally no security related device should be vulnerable to XSS flaws in 2012."

The following article appears on SC Magazine. You can click here to read it in its original source.