Comsec
detects security bug in one of Check Point's main security product
Comsec
Consulting has detected a security bug in Check Point's Endpoint Connect.
‘Endpoint
Connect’ unifies the protection of the user end-station under a single security
management console. The product can be found in use
across all sectors.
According
to Moshe Ishai, CEO of Comsec Consulting,
"the discovery was of a vulnerability, which could lead (if abused) to
gaining control over any workstation the product is installed on. This
vulnerability provides the attacker with potential to perform malicious
activities, ranging from sniffing for information, to causing actual damage."
Moshe Ishai
further added that, "Check Point is
considered one of the leading security product companies on the market,
offering high quality security solutions. It is possible to discover bugs in
any products (software or hardware), and Check Point should be credited, as
they immediately took all efforts to offer its customers an immediate fix.
Check Point ensured a rapid remediation, which makes the product even more
resilient than before. "
The bug was
discovered by Comsec several weeks ago, but was kept secret and reported only
to the product manufacturer. From this time, Check Point has worked vigorously
in order to release an improved version which includes a fix for the risk
identified by Comsec.
The
affected product versions include: E75, E80.20, E80.30, R73 - (customers who update the version of their
product will not be exposed to the aforementioned vulnerability).