Checkpoint VPN-1 PAT information disclosure

Information

Severity: Medium
Family: Firewalls
CVSSv2 Base: 5.0
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Solution Type: Mitigation
Created: 13 years ago
Modified: 4 years ago

Summary

Checkpoint VPN-1 PAT information disclosure

Insight

Crafted packets sent to ports on the firewall that are mapped by port address translation (PAT) to ports on internal devices may cause information about the internal network to be disclosed in the resulting ICMP error packets. Port 18264/tcp on the firewall is typically configured in such a manner, with packets to this port being rewritten to reach the firewall management server. For example, the firewall fails to correctly sanitise the encapsulated IP headers in ICMP time-to-live exceeded packets, resulting in internal IP addresses being disclosed.

False positive: This could be a false-positive alert. Try running the same scan against the single host where this vulnerability is reported.

Solution

We are not aware of a vendor-approved solution at the current time. On the following platforms, we recommend you mitigate in the described manner:

- Checkpoint VPN-1 R55
- Checkpoint VPN-1 R65

We recommend you mitigate in the following manner:

- Disable any implied rules and only open ports for required services
- Filter outbound ICMP time-to-live exceeded packets
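A way to verify the ICMP filtering mitigation on captured egress traffic, added here as an example (not code from the scanner or the vendor): it parses raw IPv4 packets and reports RFC 1918 addresses found in the IP header quoted inside ICMP time-to-live exceeded messages. The function names and sample addresses (documentation ranges plus 10.1.1.5 as the internal management server) are constructed assumptions.

```python
import ipaddress
import struct

ICMP_PROTO, ICMP_TIME_EXCEEDED = 1, 11
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def leaked_internal_addrs(packet):
    """Return RFC 1918 addresses in the IP header quoted by an ICMP
    time-exceeded packet. `packet` is raw IPv4 bytes (no link-layer header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != ICMP_PROTO or frag_offset or len(packet) < ihl + 8:
        return []
    if packet[ihl] != ICMP_TIME_EXCEEDED:
        return []
    quoted = packet[ihl + 8:]  # original datagram echoed after the 8-byte ICMP header
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return []
    addrs = (ipaddress.IPv4Address(quoted[12:16]),   # quoted source
             ipaddress.IPv4Address(quoted[16:20]))   # quoted destination
    return [str(a) for a in addrs if any(a in net for net in RFC1918)]

# --- constructed sample packets (checksums left at zero, not validated) ---
def ipv4_header(src, dst, proto, payload_len, ttl=64):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def time_exceeded(outer_src, outer_dst, quoted_src, quoted_dst):
    # Quoted datagram: IP header plus the first 8 bytes of TCP (ports, sequence).
    quoted = ipv4_header(quoted_src, quoted_dst, 6, 8, ttl=1) \
        + struct.pack("!HHI", 40000, 18264, 0)
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    return ipv4_header(outer_src, outer_dst, ICMP_PROTO, len(icmp)) + icmp

# Quoted destination was rewritten by PAT and not restored: internal address leaks.
LEAKY = time_exceeded("203.0.113.10", "198.51.100.7", "198.51.100.7", "10.1.1.5")
# Quoted destination is still the firewall's external address: nothing leaks.
CLEAN = time_exceeded("203.0.113.10", "198.51.100.7", "198.51.100.7", "203.0.113.10")

if __name__ == "__main__":
    for name, pkt in (("LEAKY", LEAKY), ("CLEAN", CLEAN)):
        print(name, leaked_internal_addrs(pkt))
```

Once outbound ICMP time-to-live exceeded packets are filtered, a capture taken outside the firewall should contain no packets for which this function returns a non-empty list.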

Common Vulnerabilities and Exposures (CVE)