Checkpoint VPN-1 PAT Information Disclosure Vulnerability

Published: 2025-04-13
Revised: 2025-04-13

CVE(CAN) ID: CVE-2008-5849

Check Point firewall/VPN solutions provide network architecture and information security protection for organizations.

On a Check Point VPN-1 firewall with Port Address Translation (PAT) enabled, a remote attacker who sends packets with a very low TTL value to port 18264/tcp of the firewall can trigger an ICMP_TIMXCEED_INTRANS response. The IP packet encapsulated in that response contains the internal IP address, as shown below:

    14:56:25.169480 IP (tos 0xe0, ttl 255, id 21407, offset 0, flags [none], proto: ICMP (1), length: 68) 193.0.0.1 > 194.0.0.1: ICMP time exceeded in-transit, length 48
        IP (tos 0x0, ttl 1, id 5120, offset 0, flags [none], proto: TCP (6), length: 40) 194.0.0.1.9003 > 10.0.0.99.18264: S, cksum 0x03e6 (correct), 2834356043:2834356043(0) win 512

Affected systems:
Check Point Software VPN-1 R65
Check Point Software VPN-1 R55

Vendor patch:

Check Point Software
--------------------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:

http://downloads.checkpoint.com/dc/download.htm?ID=8606
http://downloads.checkpoint.com/dc/download.htm?ID=8607
...
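To check a capture taken outside the gateway for this leak, inspect ICMP time-exceeded messages for a quoted inner header whose destination is a private address. The Python below is an added example, not part of the advisory or any vendor tooling; the function names are hypothetical and the sample packet is constructed from the fields in the trace above.

```python
import ipaddress
import struct

ICMP_TIME_EXCEEDED = 11   # ICMP type 11, code 0 = TTL exceeded in transit
ADVISORY_PORT = 18264     # TCP port named in the advisory

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Build a 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def leaked_internal_address(packet):
    """Return (inner_dst_ip, inner_dst_port) when `packet` is an ICMP time
    exceeded message quoting a TCP packet sent to a private IP, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                       # not IPv4 carrying ICMP
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if len(icmp) < 28 or icmp[0] != ICMP_TIME_EXCEEDED or icmp[1] != 0:
        return None
    inner = icmp[8:]                      # quoted IP header + first 8 bytes
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or inner_ihl < 20 or inner[9] != 6:
        return None                       # quoted packet is not IPv4/TCP
    if len(inner) < inner_ihl + 4:
        return None                       # TCP ports were not quoted
    dst = ipaddress.IPv4Address(inner[16:20])
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return (str(dst), dport) if dst.is_private else None

def sample_packet(inner_dst):
    """Constructed sample mirroring the trace: outer ICMP, inner TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", 9003, ADVISORY_PORT, 2834356043, 0,
                      0x50, 0x02, 512, 0, 0)
    inner = ipv4_header("194.0.0.1", inner_dst, 6, 1, len(tcp)) + tcp
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + inner
    return ipv4_header("193.0.0.1", "194.0.0.1", 1, 255, len(icmp)) + icmp

if __name__ == "__main__":
    print(leaked_internal_address(sample_packet("10.0.0.99")))
```

A hit whose port equals `ADVISORY_PORT` matches the behaviour described here; after patching, the same capture should produce no hits.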

No exploit or PoC currently available