Описание
Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.0 (включая)
cpe:2.3:a:checkpoint:endpoint_security_mi_server_r73:*:hfa2.5:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00202
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.
EPSS
Процентиль: 42%
0.00202
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310