CVE-2008-5849Sensitive Information Exposure in Checkpoint Vpn-1

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 33.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Checkpoint Vpn-1
Timeline
PublishedJan 6
Latest updateMay 17

Description

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcheckpoint/vpn-1r55, r65+1

🔴Vulnerability Details

2
GHSA
GHSA-2fwx-xc3r-67p8: Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses2022-05-17
CVEList
CVE-2008-5849: Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses2009-01-06
CVE-2008-5849 — Sensitive Information Exposure | cvebase