The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

threat alert 12981

CheckPoint Security Gateway: information disclosure via VoIP

Synthesis of the vulnerability

When SecureXL is enabled on caller side, an attacker can capture VoIP communications of CheckPoint Security Gateway, in order to obtain sensitive information.
Severity of this bulletin: 2/4.
Creation date: 17/06/2013.
Références of this threat: sk92814, VIGILANCE-VUL-12981.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

CheckPoint Security Gateway allow establish VoIP calls thorough a VPN.

The VoIP signaling is exchanged via the SIP protocol. However, when SecureXL is enabled in the VPN end point at caller side, SIP messages are sent in plain text instead of begin encrypted as part of VPN traffic. This allows an attacker located in the public network to capture signaling traffic.

When SecureXL is enabled on caller side, an attacker can therefore capture VoIP communications of CheckPoint Security Gateway, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

This computer vulnerability bulletin impacts software or systems such as GAiA, CheckPoint Power-1 Appliance, Provider-1, SecurePlatform, CheckPoint Security Gateway, CheckPoint UTM-1 Appliance, CheckPoint VSX-1.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this threat note.

Solutions for this threat

CheckPoint Security Gateway: patch for SIP.
A patch is available:
  http://supportcontent.checkpoint.com/file_download?id=19521
  http://supportcontent.checkpoint.com/file_download?id=24967
  http://supportcontent.checkpoint.com/file_download?id=24968
The information source includes the installation procedure;
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a network vulnerability note. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.