Check Point Advisories

WiKID Systems 2FA Enterprise Server Cross-Site Scripting (CVE-2019-17120)

Check Point Reference: CPAI-2019-2925
Date Published: 19 Jun 2023
Severity: Medium
Last Updated: Monday 19 June, 2023
Source:
Industry Reference:CVE-2019-17120
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable? WiKID Systems 2FA Enterprise Server 3.4.81 B676
WiKID Systems 2FA Enterprise Server 3.4.85 B780
WiKID Systems 2FA Enterprise Server 3.4.87 B1092
WiKID Systems 2FA Enterprise Server 3.4.87 B1159
WiKID Systems 2FA Enterprise Server 3.4.87 B1169
WiKID Systems 2FA Enterprise Server 3.4.87 B1216
WiKID Systems 2FA Enterprise Server 3.4.87 B824
WiKID Systems 2FA Enterprise Server 3.4.87 B839
WiKID Systems 2FA Enterprise Server 3.5.0 B1342
WiKID Systems 2FA Enterprise Server 3.5.0 B1352
WiKID Systems 2FA Enterprise Server 3.5.0 B1359
WiKID Systems 2FA Enterprise Server 3.5.0 B1373
WiKID Systems 2FA Enterprise Server 3.5.0 B1403
WiKID Systems 2FA Enterprise Server 3.5.0 B1411
WiKID Systems 2FA Enterprise Server 3.5.0 B1421
WiKID Systems 2FA Enterprise Server 3.5.0 B1428
WiKID Systems 2FA Enterprise Server 3.5.0 B1438
WiKID Systems 2FA Enterprise Server 3.5.0 B1472
WiKID Systems 2FA Enterprise Server 3.5.0 B1542
WiKID Systems 2FA Enterprise Server 3.5.0 B1580
WiKID Systems 2FA Enterprise Server 3.6.0 B1659
WiKID Systems 2FA Enterprise Server 3.6.0 B1672
WiKID Systems 2FA Enterprise Server 4.0 B1787
WiKID Systems 2FA Enterprise Server 4.0 B1798
WiKID Systems 2FA Enterprise Server 4.0 B1803
WiKID Systems 2FA Enterprise Server 4.0.1 B1817
WiKID Systems 2FA Enterprise Server 4.0.1 B1821
WiKID Systems 2FA Enterprise Server 4.0.1 B1905
WiKID Systems 2FA Enterprise Server 4.0.1 B1906
WiKID Systems 2FA Enterprise Server 4.0.2 B1917
WiKID Systems 2FA Enterprise Server 4.0.2 B1921
WiKID Systems 2FA Enterprise Server 4.1.0 B1926
WiKID Systems 2FA Enterprise Server 4.1.0 B1941
WiKID Systems 2FA Enterprise Server 4.1.0 B1949
WiKID Systems 2FA Enterprise Server 4.1.0 B1955
WiKID Systems 2FA Enterprise Server 4.2.0 B1978
WiKID Systems 2FA Enterprise Server 4.2.0 B1981
WiKID Systems 2FA Enterprise Server 4.2.0 B1984
WiKID Systems 2FA Enterprise Server 4.2.0 B2007
WiKID Systems 2FA Enterprise Server 4.2.0 B2014
WiKID Systems 2FA Enterprise Server 4.2.0 B2016
WiKID Systems 2FA Enterprise Server 4.2.0 B2020
WiKID Systems 2FA Enterprise Server 4.2.0 B2023
WiKID Systems 2FA Enterprise Server 4.2.0 B2028
WiKID Systems 2FA Enterprise Server 4.2.0 B2032
WiKID Systems 2FA Enterprise Server 4.2.0 B2047
Vulnerability Description A cross-site scripting vulnerability exists in WiKID Systems 2FA Enterprise Server. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system.

Protection Overview

This protection detects attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections and find the WiKID Systems 2FA Enterprise Server Cross-Site Scripting (CVE-2019-17120) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  WiKID Systems 2FA Enterprise Server Cross-Site Scripting (CVE-2019-17120)

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK