VPN-1 [1] and Security Gateway with firewall and vpn Software Blades [2]

Known vulnerabilities detected

Our automated heuristics have identified vulnerabilities that may be associated with this certificate. See the CVEs section for details.

Certificate #1219

Webpage information

Status historical
Historical reason RNG SP800-131A Revision 1 Transition
Validation dates 27.10.2009 , 20.11.2009 , 27.07.2011
Standard FIPS 140-2
Security level 1
Type Firmware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode
Exceptions
  • Roles, Services, and Authentication: Level 2
  • Design Assurance: Level 2
  • Tested: Dell PowerEdge 1750 and Power-1 5070 with Check Point SecurePlatform Operating System, version NGX R65 HFA 30
Description Check Point's Security Gateway Software Blades R70.1 and VPN-1 R65 with hot fix HFA 30 provide an integrated software solution combining a firewall, vpn, and the hardened SecurePlatform operating system. Designed to meet the requirements of Internet, intranet, and extranet vpns it provides secure connectivity to corporate networks with remote and mobile users, branch offices, and business partners.
Version (Firmware) NGX R65 with hot fix HFA 30 [1] and R70.1 [2]
Vendor Check Point Software Technologies Ltd.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, CAST, DES, 3DES, TDES, Triple-DES, HMAC
Asymmetric Algorithms
Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA1, MD5
Schemes
MAC, Key exchange, Key Exchange, Key Agreement
Protocols
SSH, SSL, TLS, TLS v1.0, IKE, VPN
Randomness
PRNG, RNG
Block cipher modes
CBC

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS PUB 197, FIPS 46-3, FIPS 198, FIPS 180-2, PKCS#1, RFC 2104, RFC 2404, RFC 2246, RFC 2403

File metadata

Title Microsoft Word - Check Point VPN-1_NGX Software Blades R7x v3.03-_2011-07-1…
Author josmith7
Creation date D:20110722143226-04'00'
Modification date D:20110722143226-04'00'
Pages 39
Creator PScript5.dll Version 5.2.2
Producer Acrobat Distiller 7.0.5 (Windows)

References

Incoming
  • 1551 - historical - Check Point IP Appliance
  • 1552 - historical - Check Point IP Appliance
  • 1581 - historical - Check Point IP Appliance

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

Related CVEs

ID Links Severity CVSS Score Published on
Base Exploitability Impact
CVE-1999-1204
C N
HIGH 7.5 6.4 11.05.1998
CVE-2000-1201
C N
MEDIUM 5.0 2.9 31.08.2001
CVE-2004-0039
C N
HIGH 10.0 10.0 03.03.2004
CVE-2004-0699
C N
HIGH 7.5 6.4 28.09.2004

References

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 1219,
  "dgst": "53f4041ba0cc8ed1",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA#66",
        "Triple-DES#338",
        "SHS#1054",
        "Triple-DES#733",
        "HMAC#1004",
        "Triple-DES#824",
        "SHS#1053",
        "SHS#1512",
        "AES#1728",
        "HMAC#67",
        "SHS#1511",
        "Triple-DES#1115",
        "Triple-DES#825",
        "RNG#90",
        "RNG#917",
        "SHS#890",
        "HMAC#1003",
        "RSA#853",
        "RSA#132",
        "RNG#628",
        "Triple-DES#1114",
        "AES#257",
        "HMAC#642",
        "RSA#537",
        "HMAC#502",
        "HMAC#643",
        "AES#1130",
        "SHS#332"
      ]
    },
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:a:checkpoint:vpn-1:-:*:*:*:*:*:*:*",
        "cpe:2.3:a:checkpoint:firewall-1:-:*:*:*:*:*:*:*",
        "cpe:2.3:a:checkpoint:vpn-1_firewall_1:-:*:*:*:*:*:*:*",
        "cpe:2.3:a:checkpoint:vpn-1_firewall-1:-:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "70.1"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "1581",
          "1551",
          "1552"
        ]
      },
      "directly_referencing": null,
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "2472",
          "1551",
          "2471",
          "1552",
          "1581"
        ]
      },
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": {
      "_type": "Set",
      "elements": [
        "CVE-2000-1201",
        "CVE-2004-0699",
        "CVE-2004-0039",
        "CVE-1999-1204"
      ]
    },
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "FF": {
          "DH": {
            "DH": 4,
            "Diffie-Hellman": 9
          },
          "DSA": {
            "DSA": 1
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 39
        },
        "SSH": {
          "SSH": 2
        },
        "TLS": {
          "SSL": {
            "SSL": 3
          },
          "TLS": {
            "TLS": 42,
            "TLS v1.0": 1
          }
        },
        "VPN": {
          "VPN": 14
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1
        },
        "KEX": {
          "Key Exchange": 2,
          "Key exchange": 1
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1003": 1,
          "#1004": 1,
          "#1053": 1,
          "#1054": 1,
          "#1114": 1,
          "#1115": 1,
          "#1130": 1,
          "#132": 1,
          "#1511": 1,
          "#1512": 1,
          "#1728": 1,
          "#257": 1,
          "#332": 1,
          "#338": 1,
          "#502": 1,
          "#537": 2,
          "#628": 1,
          "#642": 1,
          "#643": 1,
          "#66": 1,
          "#67": 2,
          "#733": 1,
          "#824": 1,
          "#825": 1,
          "#853": 2,
          "#890": 1,
          "#90": 1,
          "#917": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES (128": 1,
          "HMAC-SHA-1": 1,
          "HMAC-SHA-1 (20": 1,
          "HMAC-SHA-1-96": 2,
          "PKCS#1": 3,
          "SHA-1": 8,
          "SHA1": 1,
          "\u2013 PKCS#1": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 5,
          "level 1": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 1
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 8,
            "SHA1": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "PRNG": 8
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 30,
          "FIPS 180-2": 1,
          "FIPS 198": 1,
          "FIPS 46-3": 1,
          "FIPS PUB 140-2": 1,
          "FIPS PUB 197": 1
        },
        "PKCS": {
          "PKCS#1": 2
        },
        "RFC": {
          "RFC 2104": 2,
          "RFC 2246": 1,
          "RFC 2403": 1,
          "RFC 2404": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 4
          },
          "CAST": {
            "CAST": 1
          }
        },
        "DES": {
          "3DES": {
            "3DES": 1,
            "TDES": 3,
            "Triple-DES": 3
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 5
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "josmith7",
      "/CreationDate": "D:20110722143226-04\u002700\u0027",
      "/Creator": "PScript5.dll Version 5.2.2",
      "/ModDate": "D:20110722143226-04\u002700\u0027",
      "/Producer": "Acrobat Distiller 7.0.5 (Windows)",
      "/Title": "Microsoft Word - Check Point VPN-1_NGX Software Blades R7x v3.03-_2011-07-1\u2026",
      "pdf_file_size_bytes": 654069,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 39
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "49c510420a3beb3acfd6431b6692fd03a2cb5f89a3ba56ff81c69dd16f59927f",
    "policy_txt_hash": "8bc342815e8964cd8f5322dd617f42ab6c9a12e66180202a6d84f46c41d5c306"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/140crt1219.pdf",
    "date_sunset": null,
    "description": "Check Point\u0027s Security Gateway Software Blades R70.1 and VPN-1 R65 with hot fix HFA 30 provide an integrated software solution combining a firewall, vpn, and the hardened SecurePlatform operating system. Designed to meet the requirements of Internet, intranet, and extranet vpns it provides secure connectivity to corporate networks with remote and mobile users, branch offices, and business partners.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 2",
      "Design Assurance: Level 2",
      "Tested: Dell PowerEdge 1750 and Power-1 5070 with Check Point SecurePlatform Operating System, version NGX R65 HFA 30"
    ],
    "fw_versions": "NGX R65 with hot fix HFA 30 [1] and R70.1 [2]",
    "historical_reason": "RNG SP800-131A Revision 1 Transition",
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "VPN-1 [1] and Security Gateway with firewall and vpn Software Blades [2]",
    "module_type": "Firmware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2009-10-27",
        "lab": "CYGNACOM SOLUTIONS INC",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2009-11-20",
        "lab": "",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2011-07-27",
        "lab": "CYGNACOM SOLUTIONS INC",
        "validation_type": "Update"
      }
    ],
    "vendor": "Check Point Software Technologies Ltd.",
    "vendor_url": "http://www.checkpoint.com"
  }
}