Checkpoint: Security Vulnerabilities
CVE-2026-50751
Known exploited
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
CVSS Score: 9.3 | EPSS Score: 0.711 | Published: 2026-06-08
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2025-08-12
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2025-08-06
Lack of TLS validation when downloading a CSV file that maps IPs to countries, used ONLY for displaying country flags in logs.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2025-08-06
Credentials are not cleared from memory after being used. A user with Administrator permissions can take a memory dump of the SmartConsole process and retrieve them.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2025-06-29
Untrusted DLLs in the installer's directory may be loaded and executed, potentially leading to arbitrary code execution with the installer's privileges (admin).
CVSS Score: 6.5 | EPSS Score: 0.018 | Published: 2025-06-19
An authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2025-04-27
For an authenticated end-user, the portal may run a script while attempting to display a directory or some file's properties.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2025-04-27
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2025-02-06
Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2024-11-22

