ID

VAR-200802-0381


CVE

CVE-2008-0662


TITLE

Check Point VPN-1 SecuRemote/SecureClient NGX Privilege Acquisition Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-002703

DESCRIPTION

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.

Check Point VPN-1 SecureClient/SecuRemote client for Microsoft Windows is prone to an information-disclosure vulnerability because it fails to protect users' login credentials. Attackers can exploit this issue to harvest VPN login credentials and gain unauthorized access to networks and resources protected by the VPN. This may lead to further attacks.

----------------------------------------------------------------------

TITLE: VPN-1 SecuRemote/SecureClient NGX R60 and NGAI R56 Information Disclosure

SECUNIA ADVISORY ID: SA28820

VERIFY ADVISORY: http://secunia.com/advisories/28820/

CRITICAL: Less critical

IMPACT: Exposure of sensitive information

WHERE: Local system

SOFTWARE:
Check Point VPN-1 SecureClient http://secunia.com/product/2966/
Check Point VPN-1 SecuRemote http://secunia.com/product/2180/

DESCRIPTION: A vulnerability has been reported in VPN-1 SecuRemote/SecureClient NGX R60 and NGAI R56, which can be exploited by malicious, local users to disclose sensitive information. The vulnerability is caused due to the application storing user credentials within the Windows registry (HKLM\Software\Checkpoint\SecuRemote, subkey "Credentials") without proper permission settings. This can be exploited to disclose and use the credentials of other users. Successful exploitation reportedly requires that caching of credentials is enabled. The vulnerability is reported in VPN-1 SecuRemote/SecureClient NGX R60 and NGAI R56 for Windows.

SOLUTION: Apply "VPN-1 SecuRemote/SecureClient NGX R60 HFA_02 Supplement 2". http://checkpoint.com/downloads/quicklinks/downloads_sr.html

PROVIDED AND/OR DISCOVERED BY: Mike Vasquez, digihax

ORIGINAL ADVISORY: https://supportcenter.checkpoint.com/supportcenter/PublicLoginRedirect.jsp?toURL=eventSubmit_doGoviewsolutiondetails=%26solutionid=sk34315

digihax: http://digihax.com/

Trust: 2.07

sources: NVD: CVE-2008-0662 // JVNDB: JVNDB-2008-002703 // BID: 27675 // VULHUB: VHN-30787 // PACKETSTORM: 63424

AFFECTED PRODUCTS

vendor: checkpoint // model: vpn-1 secureclient // scope: eq // version: ngx_r60

Trust: 1.6

vendor: checkpoint // model: vpn-1 secureclient // scope: eq // version: ngai_r56

Trust: 1.6

vendor: Check Point Software Technologies // model: vpn-1 secureclient // scope: eq // version: ngx r60 r56

Trust: 0.8

vendor: Check Point Software Technologies // model: vpn-1 secureclient // scope: eq // version: -

Trust: 0.8

vendor: check // model: point software vpn-1securemote/secureclient ngx r60 // scope: - // version: -

Trust: 0.3

vendor: check // model: point software vpn-1securemote/secureclient ngai r56 // scope: - // version: -

Trust: 0.3

sources: BID: 27675 // JVNDB: JVNDB-2008-002703 // CNNVD: CNNVD-200802-128 // NVD: CVE-2008-0662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0662
value: HIGH

Trust: 1.0

NVD: CVE-2008-0662
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200802-128
value: HIGH

Trust: 0.6

VULHUB: VHN-30787
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-0662
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30787
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2008-0662
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2008-0662
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-30787 // JVNDB: JVNDB-2008-002703 // CNNVD: CNNVD-200802-128 // NVD: CVE-2008-0662

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:Improper permission assignment for critical resources (CWE-732) [NVD evaluation]

Trust: 0.8

problemtype:CWE-200

Trust: 0.1

sources: VULHUB: VHN-30787 // JVNDB: JVNDB-2008-002703 // NVD: CVE-2008-0662

THREAT TYPE

local

Trust: 1.0

sources: BID: 27675 // PACKETSTORM: 63424 // CNNVD: CNNVD-200802-128

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200802-128

PATCH

title: Top Page // url: http://www.checkpoint.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002703

EXTERNAL IDS

db: NVD // id: CVE-2008-0662

Trust: 3.6

db: BID // id: 27675

Trust: 2.0

db: SECUNIA // id: 28820

Trust: 1.8

db: VUPEN // id: ADV-2008-0475

Trust: 1.7

db: SECTRACK // id: 1019317

Trust: 1.7

db: SREASON // id: 3627

Trust: 1.7

db: JVNDB // id: JVNDB-2008-002703

Trust: 0.8

db: BUGTRAQ // id: 20080207 CHECKPOINT SECUREMOTE/SECURE CLIENT NGX AUTO LOCAL LOGON VULNERABILITY

Trust: 0.6

db: CNNVD // id: CNNVD-200802-128

Trust: 0.6

db: VULHUB // id: VHN-30787

Trust: 0.1

db: PACKETSTORM // id: 63424

Trust: 0.1

sources: VULHUB: VHN-30787 // BID: 27675 // JVNDB: JVNDB-2008-002703 // PACKETSTORM: 63424 // CNNVD: CNNVD-200802-128 // NVD: CVE-2008-0662

REFERENCES

url:https://usercenter.checkpoint.com/usercenter/portal/user/anon/page/supportcenter.psml

Trust: 2.0

url:http://digihax.com/

Trust: 1.8

url:http://www.securityfocus.com/bid/27675

Trust: 1.7

url:http://www.securitytracker.com/id?1019317

Trust: 1.7

url:http://secunia.com/advisories/28820

Trust: 1.7

url:http://securityreason.com/securityalert/3627

Trust: 1.7

url:http://www.securityfocus.com/archive/1/487735/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/0475

Trust: 1.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0662

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/487735/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/0475

Trust: 0.6

url:http://www.checkpoint.com/products/vpn-1_clients/index.html

Trust: 0.3

url:/archive/1/487735

Trust: 0.3

url:http://secunia.com/product/2966/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/2180/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/28820/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://supportcenter.checkpoint.com/supportcenter/publicloginredirect.jsp?tourl=eventsubmit_dogoviewsolutiondetails=%26solutionid=sk34315

Trust: 0.1

url:http://checkpoint.com/downloads/quicklinks/downloads_sr.html

Trust: 0.1

sources: VULHUB: VHN-30787 // BID: 27675 // JVNDB: JVNDB-2008-002703 // PACKETSTORM: 63424 // CNNVD: CNNVD-200802-128 // NVD: CVE-2008-0662

CREDITS

MN Vasquez discovered this issue.

Trust: 0.3

sources: BID: 27675

SOURCES

db: VULHUB // id: VHN-30787
db: BID // id: 27675
db: JVNDB // id: JVNDB-2008-002703
db: PACKETSTORM // id: 63424
db: CNNVD // id: CNNVD-200802-128
db: NVD // id: CVE-2008-0662

LAST UPDATE DATE

2025-04-10T23:11:28.082000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-30787 // date: 2018-10-15T00:00:00
db: BID // id: 27675 // date: 2015-05-07T17:33:00
db: JVNDB // id: JVNDB-2008-002703 // date: 2024-02-22T02:38:00
db: CNNVD // id: CNNVD-200802-128 // date: 2008-09-05T00:00:00
db: NVD // id: CVE-2008-0662 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-30787 // date: 2008-02-08T00:00:00
db: BID // id: 27675 // date: 2008-02-07T00:00:00
db: JVNDB // id: JVNDB-2008-002703 // date: 2012-06-26T00:00:00
db: PACKETSTORM // id: 63424 // date: 2008-02-08T23:02:08
db: CNNVD // id: CNNVD-200802-128 // date: 2008-02-07T00:00:00
db: NVD // id: CVE-2008-0662 // date: 2008-02-08T02:00:00