Robert Mitchell

Researcher from Pursecurity
#41964 of 53,633
6.5 Total CVSS
Vulnerabilities · 1
PT-2008-2978
6.5
2008-03-20
Check Point · Check Point VPN-1 Power/UTM · CVE-2008-1397

**Name of the Vulnerable Software and Affected Versions**

Check Point VPN-1 Power/UTM versions NGX R60 through R65
Check Point VPN-1 Power/UTM version NG AI R55

**Description**

The issue allows remote authenticated users to cause a denial of service, potentially leading to a site-to-site VPN tunnel outage, and possibly intercept network traffic. This can be achieved by configuring the local RFC1918 IP address to be the same as one of the tunnel's endpoint RFC1918 IP addresses and then using SecuRemote to connect to a network interface at the other endpoint.

**Recommendations**

For Check Point VPN-1 Power/UTM versions NGX R60 through R65, consider reconfiguring the local RFC1918 IP address to avoid matching the tunnel's endpoint RFC1918 IP addresses.

For Check Point VPN-1 Power/UTM version NG AI R55, restrict access to SecuRemote to prevent unauthorized connections to network interfaces at the other endpoint.