Information Disclosure Vulnerability in Check Point VPN-1 Products
CVE-2008-5849
Summary
Check Point VPN-1 products, when configured with Port Address Translation (PAT), allow remote attackers to learn internal intranet IP addresses. The attacker sends a TCP packet with a small Time-To-Live (TTL) value to a PAT-translated public address. The firewall rewrites the destination to the intranet host and forwards the packet inward, where the TTL expires at a hop behind the gateway. That hop answers with an ICMP time-exceeded-in-transit message (ICMP_TIMXCEED_INTRANS: type 11, code 0), which by design quotes the IP header of the expired packet. The quoted header is the post-translation one, and the firewall forwards the reply back to the attacker without rewriting it, so the reply carries the intranet destination address. The packet is not malformed; it only needs a TTL low enough to expire past the firewall. The behaviour was demonstrated with TCP packets sent to the firewall management server. Organizations running affected versions should review their PAT configurations and apply the vendor's mitigations.
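The exchange described above, as an added example in Python (not Check Point code and not from the advisory): it builds the low-TTL probe, the PAT-rewritten copy an internal hop would see, and the ICMP Time Exceeded reply, then checks the reply for a quoted destination that is not the probed public address and falls in private space. All addresses, the probe port and the internal hop are assumed for illustration; the packets are constructed in memory and nothing is sent on the wire.

```python
"""Detect intranet addresses leaked in ICMP Time Exceeded replies through PAT.

Added example, not vendor code. The leak signature: the quoted (inner) IP
header inside an ICMP type 11 / code 0 reply names a private destination that
differs from the public address the probe was sent to, meaning the gateway
forwarded the error without un-translating the quoted header.
"""
import ipaddress
import struct

ICMP_TIME_EXCEEDED = 11   # ICMP_TIMXCEED
ICMP_EXC_TTL = 0          # ICMP_TIMXCEED_INTRANS: TTL expired in transit
IPPROTO_ICMP, IPPROTO_TCP = 1, 6


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """Minimal IPv4 datagram (no options, DF set) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_tcp_syn(sport: int, dport: int) -> bytes:
    """Bare 20-byte TCP SYN header; checksum left zero since it is never sent."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0x12345678, 0, 5 << 4, 0x02, 65535, 0, 0)


def build_time_exceeded(reporter: str, probe_src: str, expired: bytes) -> bytes:
    """ICMP Time Exceeded from `reporter`, quoting the expired datagram's
    IP header plus 8 bytes of its payload (RFC 792). `expired` has no IP options."""
    quoted = expired[:20 + 8]
    body = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0, 0) + quoted
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return build_ipv4(reporter, probe_src, IPPROTO_ICMP, 64, body)


def parse_ipv4(buf: bytes):
    """Return (fields, payload) for an IPv4 datagram; raises on truncation."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _id, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("malformed IPv4 header")
    fields = {"ttl": ttl, "proto": proto,
              "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}
    return fields, buf[ihl:]


def leaked_internal_address(reply: bytes, probed_public_ip: str):
    """Return the intranet address quoted in a Time Exceeded reply, or None."""
    outer, icmp = parse_ipv4(reply)
    if outer["proto"] != IPPROTO_ICMP or len(icmp) < 8 + 20:
        return None
    if icmp[0] != ICMP_TIME_EXCEEDED or icmp[1] != ICMP_EXC_TTL:
        return None
    inner, _rest = parse_ipv4(icmp[8:])        # quoted header starts after the 8-byte ICMP header
    probed = ipaddress.IPv4Address(probed_public_ip)
    if inner["dst"] != probed and inner["dst"].is_private:
        return str(inner["dst"])
    return None


# --- Constructed sample exchange; documentation-range and assumed addresses, not a real site ---
ATTACKER = "198.51.100.7"
PUBLIC_VIP = "203.0.113.10"      # PAT address on the gateway (assumed)
INTRANET_HOST = "10.1.2.3"       # translated destination behind the gateway (assumed)
INTERNAL_HOP = "10.1.0.1"        # hop that generates the ICMP error (assumed)

# Probe: TCP SYN with a TTL small enough to expire one hop past the firewall (port assumed).
probe = build_ipv4(ATTACKER, PUBLIC_VIP, IPPROTO_TCP, ttl=2, payload=build_tcp_syn(40000, 443))
# The same probe as the inside hop sees it: PAT rewrote the destination and decremented TTL.
probe_after_pat = build_ipv4(ATTACKER, INTRANET_HOST, IPPROTO_TCP, ttl=1,
                             payload=build_tcp_syn(40000, 8443))

# Vulnerable behaviour: the error quotes the translated header and is forwarded verbatim.
leaky_reply = build_time_exceeded(INTERNAL_HOP, ATTACKER, probe_after_pat)
# Expected behaviour: the gateway rewrites the quoted header back to the public address.
clean_reply = build_time_exceeded(PUBLIC_VIP, ATTACKER, probe)

if __name__ == "__main__":
    print("leaky reply ->", leaked_internal_address(leaky_reply, PUBLIC_VIP))
    print("clean reply ->", leaked_internal_address(clean_reply, PUBLIC_VIP))
```

The same check can be run over replies captured during a low-TTL probe sweep against a PAT-published address; a non-None result is the leak the advisory describes. The outer source address of the error (the internal hop itself) is a separate exposure and is deliberately not what this check keys on.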