Details of VAR-200803-0188

ID

VAR-200803-0188

CVE

CVE-2008-1208

TITLE

Check Point VPN-1 UTM Edge W Embedded type NGX Login page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-002816

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The issue affects Check Point VPN-1 UTM Edge firmware 7.0.48x. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Input passed to the "user" parameter in the login page is not properly sanitised before being returned to the user. Other versions may also be affected. SOLUTION: Update to firmware version 7.5.48. PROVIDED AND/OR DISCOVERED BY: Henri Lindberg, Louhi Networks ORIGINAL ADVISORY: http://www.louhi.fi/advisory/checkpoint_080306.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-1208 // JVNDB: JVNDB-2008-002816 // BID: 28116 // VULHUB: VHN-31333 // PACKETSTORM: 64296

AFFECTED PRODUCTS

vendor:	checkpoint	model:	vpn-1 utm edge w embedded ngx	scope:	eq	version:	7.0.48	Trust: 1.6
vendor:	check point	model:	vpn-1 utm edge w embedded ngx	scope:	eq	version:	7.0.48x	Trust: 0.8
vendor:	check	model:	point vpn-1 utm edge ngx	scope:	eq	version:	7.0.48x	Trust: 0.3
vendor:	check	model:	point vpn-1 utm edge ngx	scope:	ne	version:	7.5.48	Trust: 0.3

sources: BID: 28116 // JVNDB: JVNDB-2008-002816 // CNNVD: CNNVD-200803-093 // NVD: CVE-2008-1208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-1208
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-1208
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200803-093
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-31333
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-1208
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-31333
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-31333 // JVNDB: JVNDB-2008-002816 // CNNVD: CNNVD-200803-093 // NVD: CVE-2008-1208

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-31333 // JVNDB: JVNDB-2008-002816 // NVD: CVE-2008-1208

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-093

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 64296 // CNNVD: CNNVD-200803-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002816

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-31333

PATCH

title:

checkpoint_080306

url:

http://www.louhi.fi/advisory/checkpoint_080306.txt

Trust: 0.8

sources: JVNDB: JVNDB-2008-002816

EXTERNAL IDS

db:	NVD	id:	CVE-2008-1208	Trust: 2.8
db:	BID	id:	28116	Trust: 2.0
db:	SECUNIA	id:	29243	Trust: 1.8
db:	SECTRACK	id:	1019554	Trust: 1.7
db:	VUPEN	id:	ADV-2008-0788	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-002816	Trust: 0.8
db:	CNNVD	id:	CNNVD-200803-093	Trust: 0.7
db:	BUGTRAQ	id:	20080306 CHECKPOINT VPN-1 UTM EDGE CROSS-SITE SCRIPTING	Trust: 0.6
db:	XF	id:	1	Trust: 0.6
db:	XF	id:	41032	Trust: 0.6
db:	SEEBUG	id:	SSVID-84676	Trust: 0.1
db:	EXPLOIT-DB	id:	31340	Trust: 0.1
db:	VULHUB	id:	VHN-31333	Trust: 0.1
db:	PACKETSTORM	id:	64296	Trust: 0.1

sources: VULHUB: VHN-31333 // BID: 28116 // JVNDB: JVNDB-2008-002816 // PACKETSTORM: 64296 // CNNVD: CNNVD-200803-093 // NVD: CVE-2008-1208

REFERENCES

url:	http://www.louhi.fi/advisory/checkpoint_080306.txt	Trust: 2.1
url:	http://www.securityfocus.com/bid/28116	Trust: 1.7
url:	http://www.securitytracker.com/id?1019554	Trust: 1.7
url:	http://secunia.com/advisories/29243	Trust: 1.7
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk34520	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/489203/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/0788	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/41032	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1208	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1208	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2008/0788	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/41032	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/489203/100/0/threaded	Trust: 0.6
url:	/archive/1/489203	Trust: 0.3
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk34520	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/13973/	Trust: 0.1
url:	http://secunia.com/advisories/29243/	Trust: 0.1

sources: VULHUB: VHN-31333 // BID: 28116 // JVNDB: JVNDB-2008-002816 // PACKETSTORM: 64296 // CNNVD: CNNVD-200803-093 // NVD: CVE-2008-1208

CREDITS

Henri Lindberg discovered this vulnerability.

Trust: 0.3

sources: BID: 28116

SOURCES

db:	VULHUB	id:	VHN-31333
db:	BID	id:	28116
db:	JVNDB	id:	JVNDB-2008-002816
db:	PACKETSTORM	id:	64296
db:	CNNVD	id:	CNNVD-200803-093
db:	NVD	id:	CVE-2008-1208

LAST UPDATE DATE

2025-04-10T19:55:55.940000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-31333	date:	2018-10-11T00:00:00
db:	BID	id:	28116	date:	2015-05-07T17:32:00
db:	JVNDB	id:	JVNDB-2008-002816	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200803-093	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-1208	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-31333	date:	2008-03-08T00:00:00
db:	BID	id:	28116	date:	2008-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2008-002816	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	64296	date:	2008-03-12T17:55:23
db:	CNNVD	id:	CNNVD-200803-093	date:	2008-03-07T00:00:00
db:	NVD	id:	CVE-2008-1208	date:	2008-03-08T00:44:00