VYPR
Unrated severityNVD Advisory· Published Jan 6, 2009· Updated Jun 16, 2026

CVE-2008-5849

CVE-2008-5849

Description

Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.

Affected products

3
  • Checkpoint/VPN 13 versions
    cpe:2.3:a:checkpoint:vpn-1:r55:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:checkpoint:vpn-1:r55:*:*:*:*:*:*:*
    • cpe:2.3:a:checkpoint:vpn-1:r65:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.