HomePentest-Tools.com Logo

Checkpoint VPN-1 PAT Information Disclosure CVE-2008-5849

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Checkpoint VPN-1 PAT information disclosure.

Risk description

By sending crafted packets to ports on the firewall which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. Port 18264/tcp on the firewall is typically configured in such a manner, with packets to this port being rewritten to reach the firewall management server. For example, the firewall fails to correctly sanitise the encapsulated IP headers in ICMP time-to-live exceeded packets resulting in internal IP addresses being disclosed. False positive: This could be false positive alert. Try running same scan against single host where this vulnerability is reported.

Recommendation

We are not aware of a vendor approved solution at the current time. On the following platforms, we recommend you mitigate in the described manner: Checkpoint VPN-1 R55 Checkpoint VPN-1 R65 We recommend you mitigate in the following manner: Disable any implied rules and only open ports for required services Filter outbound ICMP time-to-live exceeded packets.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 6, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available