Flaws found late Wednesday in Check Point Software's popular firewall and VPN software could allow an attacker to gain entrance to enterprise networks, crash computers, and otherwise wreck havoc, Internet Security Systems said in a critical alert.
The disclosure of the vulnerabilities is yet another sign of a move by hackers to hammer at security software, firewalls, and intrusion detection systems, the very devices and applications enterprises rely on to defend themselves against intruders, said Dan Ingevaldson, the director of ISS's X-Force research team.
"Attackers now have only a few choices when they target hardened systems," said Ingevaldson. "Firewalls and other security software have done a pretty good job of blocking attacks, but the end result is that hackers are focusing their efforts on security systems themselves."
The first vulnerability found by ISS is within Check Point Firewall-1, and stems from the HTTP Application Intelligence (AI) that's designed to prevent potential attacks or detect protocol anomalies aimed at servers behind the firewall. The flaw also exists in the HTTP Security Server applications proxy that ships with all version of Firewall-1, including the most recent.
Attackers could use this vulnerability to completely compromise even heavily hardened networks protected by Check Point's firewall, allowing them to tamper with the firewall settings to give them access to machines on the network.