It has been reported that Check Point Firewall-1 SmartDashboard may be prone to a buffer overflow vulnerability that may allow an attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. The issue is reported to present itself when the SmartTracker utility is used to add a firewall filter for Firewall-1. An attacker may be able to cause a buffer overflow condition by supplying an excessive amount of data via the filter line. It has been reported that this issue affects the details column of the application as well. This may allow an attacker to leverage this issue remotely by submitting an excessively long HTTP request. Providing an administrator of the affected software views the details of the request, the issue may be triggered. It is likely that access to SmartDashboard requires administrator credentials, in which case this issue would not be considered a vulnerability. This has not been confirmed at the moment. Due to a lack of...
It has been reported that Check Point Firewall-1 SmartDashboard may be prone to a buffer overflow vulnerability that may allow an attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. The issue is reported to present itself when the SmartTracker utility is used to add a firewall filter for Firewall-1. An attacker may be able to cause a buffer overflow condition by supplying an excessive amount of data via the filter line. It has been reported that this issue affects the details column of the application as well. This may allow an attacker to leverage this issue remotely by submitting an excessively long HTTP request. Providing an administrator of the affected software views the details of the request, the issue may be triggered. It is likely that access to SmartDashboard requires administrator credentials, in which case this issue would not be considered a vulnerability. This has not been confirmed at the moment. Due to a lack of information further details cannot be outlined at the moment. This BID will be updated as more information becomes available. This vulnerability is reported to affect SmartDashboard supplied with Check Point Software NG-AI R54 and NG-AI R55, however, other versions could be affected as well.
