It appears this bug has gone unoticed to vulnerability databases
maintainers, very likely due to the lack of disclosure/publication.
This usually means it's also not in compliance/patching systems and
exposes customers to unecessary risk. To counteract I'd like to drop
this note.

Checkpoint SNX Escalation of Privileges Vulnerability

Product:SSL Network Extender, Endpoint Security Client, Endpoint Connect, Endpoint Security VPN
Version:R73
URL : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60510

The following product versions are not vulnerable:

• EPS R80
• EPS R73 HFA01
• EPC R73 HFA01
• EPS R75 VPN
• SNX R75
• SNX R71.30

All other versions of SNX, EPS and EPC are vulnerable.

Credits

Check Point thanks Thierry Zoller and Nagib Guettiche of Verizon Business (www.verizonbusiness.com) for bringing this issue to our attention in a forthright and
professional manner.