OpenCVE

Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Checkpoint	Vpn-1 Utm Edge

Configuration 1 [-]

cpe:2.3:h:checkpoint:vpn-1_utm_edge:7.0.33:*:utm_edge:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/37645
http://secunia.com/advisories/25853
http://securityreason.com/securityalert/2848
http://www.louhi.fi/advisory/checkpoint_070626.txt
http://www.securityfocus.com/archive/1/472371/100/0/threaded
http://www.vupen.com/english/advisories/2007/2363
https://exchange.xforce.ibmcloud.com/vulnerabilities/35103

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-29T18:00:00

Updated: 2024-08-07T14:21:36.085Z

Reserved: 2007-06-29T00:00:00

Link: CVE-2007-3489

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-29T18:30:00.000

Modified: 2018-10-16T16:50:09.367

Link: CVE-2007-3489

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "checkpoint-vpn1edge-unspecified-csrf(35103)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35103"}, {"name": "37645", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37645"}, {"name": "ADV-2007-2363", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2363"}, {"name": "25853", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25853"}, {"name": "2848", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2848"}, {"name": "20070627 CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/472371/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.louhi.fi/advisory/checkpoint_070626.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3489", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "checkpoint-vpn1edge-unspecified-csrf(35103)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35103"}, {"name": "37645", "refsource": "OSVDB", "url": "http://osvdb.org/37645"}, {"name": "ADV-2007-2363", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2363"}, {"name": "25853", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25853"}, {"name": "2848", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2848"}, {"name": "20070627 CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472371/100/0/threaded"}, {"name": "http://www.louhi.fi/advisory/checkpoint_070626.txt", "refsource": "MISC", "url": "http://www.louhi.fi/advisory/checkpoint_070626.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:21:36.085Z"}, "title": "CVE Program Container", "references": [{"name": "checkpoint-vpn1edge-unspecified-csrf(35103)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35103"}, {"name": "37645", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37645"}, {"name": "ADV-2007-2363", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2363"}, {"name": "25853", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25853"}, {"name": "2848", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2848"}, {"name": "20070627 CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/472371/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.louhi.fi/advisory/checkpoint_070626.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3489", "datePublished": "2007-06-29T18:00:00", "dateReserved": "2007-06-29T00:00:00", "dateUpdated": "2024-08-07T14:21:36.085Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:checkpoint:vpn-1_utm_edge:7.0.33:*:utm_edge:*:*:*:*:*", "matchCriteriaId": "1C50F6BF-BB6A-47CB-A44E-5ED693C611C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en pop/WizU.html en la interfaz de administraci\u00f3n de Check Point VPN-1 Edge X Embedded NGX 7.0.33x en el Check Point VPN-1 UTM Edge permite a atacantes remotos realizar acciones privilegiadas como administradores, como se ha demostrado utilizando una petici\u00f3n con los par\u00e1metros swuuser y swupass, lo cual a\u00f1ade una cuenta de administrador. NOTA: el ataque CSRF no tiene una ventana de tiempo porque no hay capacidad de desconexi\u00f3n en la interfaz de administraci\u00f3n."}], "id": "CVE-2007-3489", "lastModified": "2018-10-16T16:50:09.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-29T18:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37645"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25853"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2848"}, {"source": "cve@mitre.org", "url": "http://www.louhi.fi/advisory/checkpoint_070626.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472371/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2363"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35103"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}