PT-2014-2014 · Check Point · Check Point Security Gateway

Published: 2014-05-01 · Updated: 2017-09-08 · CVE-2014-8951

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Check Point Security Gateway versions R75 through R77.10

Description

An unspecified vulnerability affects Check Point Security Gateway when UserCheck is enabled and certain blades are used, including Application Control, URL Filtering, DLP, Threat Emulation, Anti-Bot, or Anti-Virus. It allows remote attackers to cause a denial of service via a redirect to the UserCheck page: the fwk0 process crashes, producing a core dump and a restart. The vulnerability is also described as being related to resource release errors, which a remote attacker can exploit to cause a denial of service.

Recommendations

For Check Point Security Gateway versions R75 through R77.10, consider disabling the UserCheck feature until a patch is available, to prevent the denial of service caused by the redirect to the UserCheck page. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Resource Release

Related Identifiers

BDU:2019-03761
CVE-2014-8951

Affected Products

Check Point Security Gateway