Unrated severityNVD Advisory· Published Jun 29, 2007· Updated Jun 16, 2026
CVE-2007-3489
CVE-2007-3489
Description
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:h:checkpoint:vpn-1_utm_edge:7.0.33:*:utm_edge:*:*:*:*:*
- Range: 7.0.33x
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/25853nvdPatchVendor Advisory
- osvdb.org/37645nvd
- securityreason.com/securityalert/2848nvd
- www.louhi.fi/advisory/checkpoint_070626.txtnvd
- www.securityfocus.com/archive/1/472371/100/0/threadednvd
- www.vupen.com/english/advisories/2007/2363nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35103nvd
News mentions
0No linked articles in our index yet.