Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
David_Herselman
Collaborator

Check Point VPN client 'home page' still links to insecure version

The Check Point VPN client 'home page', available here:

https://www.checkpoint.com/products/remote-access-vpn/

 

Still links to E81.20 which is susceptible to a local privileged escalation flaw published in CVE-2019-8461.

 

Surely this should have been updated to reference the following URL 4 days ago?

Enterprise Endpoint Security E81.30 Windows Clients:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

 

Regards

David Herselman

0 Kudos
3 Replies
Wolfgang
Leader
Leader

David_Herselman
Collaborator

Thanks Wolfgang, that does explain the details. I still think Check Point should maintain both the actual home page (which requires a Check Point account) and the 'home page' that users would find via a 'check point vpn client' Google search, to both reference the latest publicly available version.

 

Google search:

https://www.checkpoint.com/products/remote-access-vpn/ references E81.20

 

Official home page:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... references E81.30

 

 

If this flaw primarily affects new installations, then the most commonly referred to download link should reference the version which provides protection, no?

 

 

Regards

David Herselman

0 Kudos
PhoneBoy
Admin
Admin

Hi, thanks for bringing this to our attention.
I'll let the team who manages checkpoint.com know to point to the later version of the client.
0 Kudos