Vulnerabilities > CVE-2022-23746 - Improper Restriction of Excessive Authentication Attempts vulnerability in Checkpoint SSL Network Extender

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

checkpoint

CWE-307

NVD

Published: 2022-11-30

Updated: 2022-12-06

Summary

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Vulnerable Configurations

Part	Description	Count
Application	Checkpoint Checkpoint SSL Network Extender R81.10 Checkpoint SSL Network Extender R80.20 Checkpoint SSL Network Extender R80.20Sp Checkpoint SSL Network Extender R80.30 Checkpoint SSL Network Extender R80.30Sp Checkpoint SSL Network Extender R80.40 Checkpoint SSL Network Extender R81	190

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180271