Unrated severityNVD Advisory· Published Jan 6, 2009· Updated Apr 23, 2026

CVE-2008-5849

Description

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.

Affected products

Checkpoint/Vpn 12 versions
cpe:2.3:a:checkpoint:vpn-1:r55:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:checkpoint:vpn-1:r55:*:*:*:*:*:*:*
- cpe:2.3:a:checkpoint:vpn-1:r65:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins/scripts/checkpoint-vpn1-pat-information-disclosure.naslnvdExploit
secunia.com/advisories/32728nvd
www.portcullis-security.com/293.phpnvd
www.securityfocus.com/bid/32306nvd
www.vupen.com/english/advisories/2008/3229nvd
exchange.xforce.ibmcloud.com/vulnerabilities/46645nvd
supportcenter.checkpoint.com/supportcenter/portalnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000