CVE-2022-23746

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Published: 2022-11-30 Last update: 2025-04-25 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-23746 is rated Moderate Risk (51.6/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.40%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-23746

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-22 0.25% 0.40% +0.15%
2 2025-09-26 0.19% 0.25% +0.06%
3 2025-03-30 0.19%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-23746

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 3.9 3.6 [email protected]
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 3.9 3.6 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2022-23746

Affected software / configurations for CVE-2022-23746

Vendor Product Version Raw CPE
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:-:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_10:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_103:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_117:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_118:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_127:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_134:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_135:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_138:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_141:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_149:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_155:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_156:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_160:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_161:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_17:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_173:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_183:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_187:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_188:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_190:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_202:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_203:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_205:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_208:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_210:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_211:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_220:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_33:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_42:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_47:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_73:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_74:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_80:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_87:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20 cpe:2.3:a:checkpoint:ssl_network_extender:r80.20:take_91:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:-:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_105:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_121:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_163:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_178:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_191:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_210:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_240:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_258:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_266:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_273:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_279:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_283:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_295:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_302:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_304:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_305:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_306:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_309:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_310:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_313:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_314:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_315:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_317:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_326:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_327:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_331:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_332:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_334:*:*:*:-:*:*
checkpoint ssl_network_extender r80.20sp cpe:2.3:a:checkpoint:ssl_network_extender:r80.20sp:take_335:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:-:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_107:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_111:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_135:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_136:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_140:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_155:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_163:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_166:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_168:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_180:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_19:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_191:*:*:*:-:*:*
checkpoint ssl_network_extender r80.30 cpe:2.3:a:checkpoint:ssl_network_extender:r80.30:take_195:*:*:*:-:*:*

References for CVE-2022-23746

cvelogic Threat Intelligence