It appears this bug has gone unoticed to vulnerability databases maintainers, very likely due to the lack of disclosure/publication. This usually means it's also not in compliance/patching systems and exposes customers to unecessary risk. To counteract I'd like to drop this note. Checkpoint SNX Escalation of Privileges Vulnerability ====================================================== Product:SSL Network Extender, Endpoint Security Client, Endpoint Connect, Endpoint Security VPN Version:R73 URL : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60510 The following product versions are not vulnerable: * EPS R80 * EPS R73 HFA01 * EPC R73 HFA01 * EPS R75 VPN * SNX R75 * SNX R71.30 All other versions of SNX, EPS and EPC are vulnerable. Credits -------- Check Point thanks Thierry Zoller and Nagib Guettiche of Verizon Business (www.verizonbusiness.com) for bringing this issue to our attention in a forthright and professional manner.
