CVE-2000-1037

Check Point Firewall-1 3.0-4.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-1037. PoCs published by Gregory Duchemin, Nelson Brito.

Description

Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Gregory Duchemin · bash · remote · multiple
https://www.exploit-db.com/exploits/20216

This script exploits a vulnerability in Check Point Firewall-1 Session Agent (CVE-2000-1037) by performing brute-force attacks, password recovery, and DoS attacks against the authentication mechanism. It interacts with the Session Agent on port 261 to extract credentials or disrupt service.

Classification: Working PoC 90%
Attack Type: Auth Bypass | DoS | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Check Point Firewall-1 Session Agent (versions 4.0 & 4.1)
No auth needed
Prerequisites: netcat (nc) · target IP list · optional dictionary file for brute-force
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Nelson Brito · perl · remote · multiple
https://www.exploit-db.com/exploits/20215

This Perl script exploits a brute-force vulnerability in Check Point Firewall-1 Session Agent by repeatedly attempting usernames from a file until a valid one is found. It listens on port 261 and interacts with the agent's authentication prompts.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Check Point Firewall-1 Session Agent (all versions)
No auth needed
Prerequisites: Network access to the target Session Agent · A list of usernames in a file named 'users'
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1662
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/76389

Scores

EPSS 0.0335
EPSS Percentile 87.1%

Details

Status published
Products (3)
checkpoint/firewall-1 3.0
checkpoint/firewall-1 4.0
checkpoint/firewall-1 4.1
Published Dec 11, 2000
Tracked Since Feb 18, 2026