Checkpoint VPN-1 PAT information disclosure By sending crafted packets to ports on the firewall which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. Port 18264/tcp on the firewall is typically configured in such a manner, with packets to this port being rewritten to reach the firewall management server. For example, the firewall fails to correctly sanitise the encapsulated IP headers in ICMP time-to-live exceeded packets resulting in internal IP addresses being disclosed. On the following platforms, we recommend you mitigate in the described manner: Checkpoint VPN-1 R55 Checkpoint VPN-1 R65 We recommend you mitigate in the following manner: Disable any implied rules and only open ports for required services Filter outbound ICMP time-to-live exceeded packets

We are not aware of a vendor approved solution at the current time. False positive: This could be false positive alert. Try running same scan against single host where this vulnerability is reported.

• http://www.portcullis-security.com/293.php

---

Updated on 2015-03-25