VPN 1 Firewall 1
by Checkpoint
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15389 | Hig | 0.57 | 8.8 | 0.01 | Dec 31, 2025 | VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||
| CVE-2025-15388 | Hig | 0.57 | 8.8 | 0.01 | Dec 31, 2025 | VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||
| CVE-2025-15387 | Hig | 0.57 | 8.8 | 0.00 | Dec 31, 2025 | VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system. | ||
| CVE-2002-1623 | 0.04 | — | 0.49 | Dec 31, 2002 | The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses… | |||
| CVE-2001-0082 | 0.03 | — | 0.02 | Feb 12, 2001 | Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets. | |||
| CVE-2008-1397 | 0.00 | — | 0.02 | Mar 20, 2008 | Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as… | |||
| CVE-2001-1176 | 0.00 | — | 0.03 | Jul 12, 2001 | Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. | |||
| CVE-2001-1158 | 0.00 | — | 0.03 | Jul 9, 2001 | Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. | |||
| CVE-2000-0804 | 0.00 | — | 0.02 | Nov 14, 2000 | Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass." | |||
| CVE-2000-0807 | 0.00 | — | 0.02 | Nov 14, 2000 | The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability." | |||
| CVE-2000-0806 | 0.00 | — | 0.02 | Nov 14, 2000 | The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass." | |||
| CVE-2000-0813 | 0.00 | — | 0.02 | Nov 14, 2000 | Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass." | |||
| CVE-2000-0809 | 0.00 | — | 0.02 | Nov 14, 2000 | Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service. | |||
| CVE-2000-0808 | 0.00 | — | 0.02 | Nov 14, 2000 | The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication." | |||
| CVE-2000-0805 | 0.00 | — | 0.01 | Nov 14, 2000 | Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." |
- risk 0.57cvss 8.8epss 0.01
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
- risk 0.57cvss 8.8epss 0.01
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
- risk 0.57cvss 8.8epss 0.00
VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system.
- CVE-2002-1623Dec 31, 2002risk 0.04cvss —epss 0.49
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses…
- CVE-2001-0082Feb 12, 2001risk 0.03cvss —epss 0.02
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.
- CVE-2008-1397Mar 20, 2008risk 0.00cvss —epss 0.02
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as…
- CVE-2001-1176Jul 12, 2001risk 0.00cvss —epss 0.03
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.
- CVE-2001-1158Jul 9, 2001risk 0.00cvss —epss 0.03
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
- CVE-2000-0804Nov 14, 2000risk 0.00cvss —epss 0.02
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
- CVE-2000-0807Nov 14, 2000risk 0.00cvss —epss 0.02
The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."
- CVE-2000-0806Nov 14, 2000risk 0.00cvss —epss 0.02
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."
- CVE-2000-0813Nov 14, 2000risk 0.00cvss —epss 0.02
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."
- CVE-2000-0809Nov 14, 2000risk 0.00cvss —epss 0.02
Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.
- CVE-2000-0808Nov 14, 2000risk 0.00cvss —epss 0.02
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."
- CVE-2000-0805Nov 14, 2000risk 0.00cvss —epss 0.01
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."