PT-2009-1326 · Check Point · Check Point Vpn-1

Published 2009-01-06 · Updated 2017-08-08 · CVE-2008-5849

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Check Point VPN-1 versions R55, R65

Description

The issue allows remote attackers to discover intranet IP addresses when Port Address Translation (PAT) is used. This is achieved by sending a packet with a small TTL, which triggers an ICMP time exceeded in-transit response containing an encapsulated IP packet with an intranet address. For example, this can be demonstrated by sending a TCP packet to the firewall management server on port 18264.

Recommendations

For Check Point VPN-1 versions R55, R65, consider restricting access to the firewall management server on port 18264 as a temporary workaround until a patch is available. Restrict the use of Port Address Translation (PAT) to minimize the risk of exploitation.
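A defender-side check for the leak described above, added here as an example and not taken from Check Point or from this advisory: it parses a raw IPv4 packet as captured on the external interface and reports any RFC 1918 address quoted inside an ICMP time-exceeded message. The function names, the sample addresses (documentation ranges plus 10.1.2.3) and the zeroed checksums are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1918 ranges; extend with any other internal ranges in use.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def quoted_private_addrs(packet: bytes) -> list:
    """Return RFC 1918 addresses found in the IP header quoted by an ICMP
    time-exceeded-in-transit message; [] for any other or malformed packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4              # outer header length in bytes
    if ihl < 20 or packet[9] != 1:            # protocol 1 = ICMP
        return []
    icmp = packet[ihl:]
    # Type 11 code 0 = time exceeded in transit; 8-byte ICMP header, then the quote.
    if len(icmp) < 8 + 20 or icmp[0] != 11 or icmp[1] != 0:
        return []
    inner = icmp[8:]                          # quoted original datagram
    if inner[0] >> 4 != 4:
        return []
    addrs = (ipaddress.ip_address(inner[12:16]), ipaddress.ip_address(inner[16:20]))
    return [str(a) for a in addrs if any(a in net for net in RFC1918)]

def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    # Constructed sample header: checksum, ID and fragment fields left at 0.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def sample_time_exceeded(inner_dst: str) -> bytes:
    """Constructed ICMP time-exceeded packet quoting a TCP packet to port 18264."""
    tcp8 = struct.pack("!HHI", 40000, 18264, 0)   # first 8 bytes of the TCP header
    inner = ipv4_header("198.51.100.7", inner_dst, 6, 40, ttl=1) + tcp8
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + inner
    return ipv4_header("203.0.113.1", "198.51.100.7", 1, 20 + len(icmp)) + icmp
```

Run over an egress capture, a non-empty result means a translated internal address is leaving the perimeter inside an ICMP error.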

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2008-5849

Affected Products

Check Point Vpn-1