PT-2007-4735 · Check Point · Check Point Sofaware Safe@Office

Published

2007-06-27

Updated

2018-10-16

CVE-2007-3464

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Check Point SofaWare Safe@Office versions prior to Embedded NGX 7.0.45 GA

Description The issue allows attackers to gain privileges without requiring the old password when changing the admin password. This could be exploited through vectors such as CSRF attacks or making a password change on an unattended workstation.

Recommendations For versions prior to Embedded NGX 7.0.45 GA, update to Embedded NGX 7.0.45 GA or later to resolve the issue. As a temporary workaround, consider restricting access to the password change functionality to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3464

Affected Products

Check Point Sofaware Safe@Office

PT-2007-4735 · Check Point · Check Point Sofaware Safe@Office

CVE-2007-3464

Related Identifiers

Affected Products

References · 6