Every CVE whose affected-product data names Checkpoint Firewall-1, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2004-0039 — CVSS 10.0 (critical): Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and…
CVE-2004-0469 — CVSS 10.0 (critical): Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54…
CVE-2004-0040 — CVSS 10.0 (critical): Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build…
CVE-2005-3673 — CVSS 7.8 (high): The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via…
CVE-2004-2679 — CVSS 7.8 (high): Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key…
CVE-2000-0116 — CVSS 7.5 (high): Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including…
CVE-2004-0079 — CVSS 7.5 (high): The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service…
CVE-2000-0807 — CVSS 7.5 (high): The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof…
CVE-2000-0808 — CVSS 7.5 (high): The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows…
CVE-2004-0699 — CVSS 7.5 (high): Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote…
CVE-2000-0150 — CVSS 7.5 (high): Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets…
CVE-2001-1158 — CVSS 7.5 (high): Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended…
CVE-2001-1176 — CVSS 7.5 (high): Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary…
CVE-2000-0804 — CVSS 7.5 (high): Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection…
CVE-2000-0805 — CVSS 7.5 (high): Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ…
CVE-2002-0428 — CVSS 7.5 (high): Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire…
CVE-2001-0082 — CVSS 7.5 (high): Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented…
CVE-2000-0779 — CVSS 7.5 (high): Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC…
CVE-2001-0940 — CVSS 7.5 (high): Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to…
CVE-2000-1037 — CVSS 7.5 (high): Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords…
CVE-1999-1204 — CVSS 7.5 (high): Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could…
CVE-2001-1171 — CVSS 7.2 (high): Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules…
CVE-2001-1101 — CVSS 6.4 (medium): The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files…
CVE-2001-1102 — CVSS 6.2 (medium): Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary…
CVE-2006-3885 — CVSS 5.0 (medium): Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an…
CVE-2000-0181 — CVSS 5.0 (medium): Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP…
CVE-2000-0482 — CVSS 5.0 (medium): Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.
CVE-2000-0582 — CVSS 5.0 (medium): Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as…
CVE-2000-0806 — CVSS 5.0 (medium): The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a…
CVE-2000-0809 — CVSS 5.0 (medium): Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and…
CVE-2000-0813 — CVSS 5.0 (medium): Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via…
CVE-2000-1032 — CVSS 5.0 (medium): The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames…
CVE-2000-1201 — CVSS 5.0 (medium): Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
CVE-2001-0182 — CVSS 5.0 (medium): FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP…
CVE-2001-1303 — CVSS 5.0 (medium): The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information…
CVE-2001-1431 — CVSS 5.0 (medium): Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and…
CVE-2003-0757 — CVSS 5.0 (medium): Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain…
CVE-2004-0081 — CVSS 5.0 (medium): OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service…
CVE-2004-0112 — CVSS 5.0 (medium): The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of…
CVE-1999-0675 — CVSS 5.0 (medium): Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
CVE-2002-2405 — CVSS 4.9 (medium): Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass…
CVE-1999-0770 — CVSS 2.1 (low): Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of…