[原文]The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."
Check Point FireWall-1 FWA1 Authentication Weakness
Remote / Network Access
Loss of Integrity
Check Point FireWall-1 contains a flaw that may allow a remote attacker to authenticate against the server. The issue is due to a weakness in the FWA1 protocol. An attacker may be able to replay a modified challenge from a server to authenticate to the firewall. Despite authenticating, the attacker would not have the encryption key necessary to maintain communication or execute commands.
Upgrade to version 4.0 SP7, 4.1 SP2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.