CVE-2013-7304

medium

Description

Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.

References

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784

https://exchange.xforce.ibmcloud.com/vulnerabilities/90674

http://www.securitytracker.com/id/1029704

http://www.securityfocus.com/bid/65135

http://secunia.com/advisories/56744

Details

Source: Mitre, NVD

Published: 2014-01-22

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00202