Unrated severityNVD Advisory· Published Jan 24, 2007· Updated Apr 23, 2026

CVE-2007-0471

Description

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.

Affected products

Checkpoint/Connectra Ngx
cpe:2.3:a:checkpoint:connectra_ngx:*:*:*:*:*:*:*:*
Range: <=r62

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.htmlnvdExploitVendor Advisory
secunia.com/advisories/23847nvdVendor Advisory
www.vupen.com/english/advisories/2007/0276nvdVendor Advisory
osvdb.org/31655nvd
secureknowledge.checkpoint.com/SecureKnowledge/viewSolutionDocument.donvd
securityreason.com/securityalert/2179nvd
securitytracker.com/idnvd
securitytracker.com/idnvd
updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdfnvd
www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.htmlnvd
www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.htmlnvd
www.securityfocus.com/archive/1/457621/100/0/threadednvd
www.securityfocus.com/archive/1/457683/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/31646nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000