CVE: CVE-2008-0662

Export to Word

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0004
Percentile: 0.11113

CVSS Scoring

CVSS v3.1 Score: 7.8

Severity: HIGH

Mapped CWE(s)

CWE-732 : Incorrect Permission Assignment for Critical Resource

All CAPEC(s)

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
CAPEC-122: Privilege Abuse
CAPEC-127: Directory Indexing
CAPEC-17: Using Malicious Files
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-206: Signing Malicious Code
CAPEC-234: Hijacking a privileged process
CAPEC-60: Reusing Session IDs (aka Session Replay)
CAPEC-61: Session Fixation
CAPEC-62: Cross Site Request Forgery
CAPEC-642: Replace Binaries

CAPEC(s) with Mapped TTPs

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
- T1574.010 : Services File Permissions Weakness
CAPEC-122: Privilege Abuse
Mapped TTPs:
- T1548 : Abuse Elevation Control Mechanism
CAPEC-127: Directory Indexing
Mapped TTPs:
- T1083 : File and Directory Discovery
CAPEC-17: Using Malicious Files
Mapped TTPs:
- T1574.005 : Executable Installer File Permissions Weakness
- T1574.010 : Services File Permissions Weakness
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
Mapped TTPs:
- T1574.010 : Services File Permissions Weakness
CAPEC-206: Signing Malicious Code
Mapped TTPs:
- T1553.002 : Code Signing
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
- T1134.001 : Token Impersonation/Theft
- T1550.004 : Web Session Cookie
CAPEC-642: Replace Binaries
Mapped TTPs:
- T1505.005 : Terminal Services DLL
- T1554 : Compromise Host Software Binary
- T1574.005 : Executable Installer File Permissions Weakness

Mapped ATT&CK TTPs

T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1548 : Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
T1083 : File and Directory Discovery
Kill Chain: discovery
T1574.005 : Executable Installer File Permissions Weakness
Kill Chain: persistence
T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1553.002 : Code Signing
Kill Chain: defense-evasion
T1134.001 : Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004 : Web Session Cookie
Kill Chain: defense-evasion
T1505.005 : Terminal Services DLL
Kill Chain: persistence
T1554 : Compromise Host Software Binary
Kill Chain: persistence
T1574.005 : Executable Installer File Permissions Weakness
Kill Chain: persistence

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
APT41 DUST
SolarWinds Compromise
Operation CuckooBees
Operation Honeybee
2016 Ukraine Electric Power Attack
RedDelta Modified PlugX Infection Chain Operations
Operation Dream Job
C0015
Night Dragon
HomeLand Justice
Cutting Edge
KV Botnet Activity

Affected Products

cpe:2.3:a:checkpoint:vpn-1_secureclient:ngai_r56:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:vpn-1_secureclient:ngx_r60:*:*:*:*:*:*:*

← Back to Home