Summary
Checkpoint VPN-1 PAT information disclosure
By sending crafted packets to ports on the firewall which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. Port 18264/tcp on the firewall is typically configured in such a manner, with packets to this port being rewritten to reach the firewall management server. For example, the firewall fails to correctly sanitise the encapsulated IP headers in ICMP time-to-live exceeded packets resulting in internal IP addresses being disclosed.
On the following platforms, we recommend you mitigate in the described manner:
Checkpoint VPN-1 R55
Checkpoint VPN-1 R65
We recommend you mitigate in the following manner:
Disable any implied rules and only open ports for required services Filter outbound ICMP time-to-live exceeded packets
Solution
We are not aware of a vendor approved solution at the current time.
False positive:
This could be false positive alert. Try running same scan against single host where this vulnerability is reported.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-5849 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities