Vulnerability Name: CVE-2008-5849 (CCN-46645)

Assigned: 2008-10-24
Published: 2008-10-24
Updated: 2017-08-08
Summary: Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2008-5849

Source: CCN
Type: SA32728
Checkpoint VPN-1 Information Disclosure Vulnerability

Source: SECUNIA
Type: UNKNOWN
32728

Source: CCN
Type: Check Point Web site
Check Point

Source: CCN
Type: OSVDB ID: 50033
Check Point VPN-1 ICMP Error Message Internal IP Disclosure

Source: CCN
Type: Portcullis Security Advisory 08-009
Checkpoint VPN-1 PAT information disclosure

Source: MISC
Type: UNKNOWN
http://www.portcullis-security.com/293.php

Source: BID
Type: UNKNOWN
32306

Source: CCN
Type: BID-32306
Check Point VPN-1 Port Address Translation Information Disclosure Weakness

Source: VUPEN
Type: UNKNOWN
ADV-2008-3229

Source: XF
Type: UNKNOWN
vpn1-pat-information-disclosure(46645)

Source: CONFIRM
Type: UNKNOWN
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36321

Source: MISC
Type: Exploit
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.nasl

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:checkpoint:vpn-1:r55:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1:r65:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:checkpoint:vpn-1_firewall-1_next_generation:r55:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    checkpoint vpn-1 r55
    checkpoint vpn-1 r65
    checkpoint vpn-1 firewall-1 next generation r55