Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
umar7
Contributor

vulnerability

 
0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend

Both ports are not listed here: sk52421: Ports used by Check Point software

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Blason_R
Leader
Leader

Those seems to be a httpd2 ports for multiportals. Since there are lot many portals running like captive portal, Mobile access portal, NAC, userChek on Apache and there are vhosts configuration done under Apache and those ports then start listening on then and has got a forwarding done internally 

e.g.

For me port 20988 listens on Apache2 which says it is opened for multiportal NAC/Captive Portal

/opt/CPshrd-R81/web/Apache/bin/httpd -DFOREGROUND -k start -f /opt/CPshrd-R81/conf/multiportal/httpd-conf/nac/httpd.conf -DPORTAL_NAME_nac

You will get more details from mpclient list command 

mpclient list
DLPSenderPortal
ExchangeRegistration
ReverseProxyClear
ReverseProxySSL
SecurePlatform
UserCheck
nac
nac_transparent_auth
saml-vpn
sslvpn

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
_Val_
Admin
Admin

First, half-open ports are not necessarily a vulnerability, even if Nessus thinks they are.  Vulnerability is something you can exploit.

Second, if you believe you indeed found a vulnerability in any of Check Point products, the only correct way to disclose it is to adhere to responsible disclose principles and to use this form 

0 Kudos
PhoneBoy
Admin
Admin

 

We use a number of random high TCP ports to redirect certain traffic to for various reasons (Threat Prevention, UserCheck, among others).
Even there is a vulnerability there, it’s only accessible from the local system and would require root access (expert mode) to do so, which should only be provided to authorized individuals.
Which makes this “vulnerability” not interesting.

The fact a vulnerability scanner can find this suggests your access policy needs to be improved.
Best practice is to have a stealth rule in place that blocks all traffic to the gateway except for the traffic needed to manage the device.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events