Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Checkpoint VPN-1 PAT information disclosure
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Checkpoint VPN-1 PAT information disclosure
Insight
Insight
By sending crafted packets to ports on the firewall which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. Port 18264/tcp on the firewall is typically configured in such a manner, with packets to this port being rewritten to reach the firewall management server. For example, the firewall fails to correctly sanitise the encapsulated IP headers in ICMP time-to-live exceeded packets resulting in internal IP addresses being disclosed. False positive: This could be false positive alert. Try running same scan against single host where this vulnerability is reported.
Solution
Solution
We are not aware of a vendor approved solution at the current time. On the following platforms, we recommend you mitigate in the described manner: Checkpoint VPN-1 R55 Checkpoint VPN-1 R65 We recommend you mitigate in the following manner: Disable any implied rules and only open ports for required services Filter outbound ICMP time-to-live exceeded packets.