CVE-2004-0699

critical

Description

Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16824

http://xforce.iss.net/xforce/alerts/id/178

http://www.securityfocus.com/bid/10820

http://www.osvdb.org/displayvuln.php?osvdb_id=8290

http://www.kb.cert.org/vuls/id/435358

http://www.ciac.org/ciac/bulletins/o-190.shtml

http://www.checkpoint.com/techsupport/alerts/asn1.html

http://securitytracker.com/alerts/2004/Jul/1010799.html

http://secunia.com/advisories/12177/

Details

Source: Mitre, NVD

Published: 2004-09-28

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.17799