CVE-2008-5849
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2009-01-06 CVE Reserved
- 2009-01-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/32728 | Third Party Advisory | |
http://www.portcullis-security.com/293.php | X_refsource_misc | |
http://www.securityfocus.com/bid/32306 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/3229 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46645 | Vdb Entry | |
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36321 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl | 2024-08-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Checkpoint | Vpn-1 | r55 | - | Affected |
Checkpoint | Vpn-1 | r65 | - | Affected |