CVE-2001-0082

Check Point VPN-1/FireWall-1 <4.1 SP2 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0082. PoCs published by Thomas Lopatic.

AI-analyzed exploit summary This exploit leverages a vulnerability in Check Point VPN-1/Firewall-1's Fast Mode, allowing bypass of access controls via malformed fragmented TCP segments. It crafts three fragmented packets to manipulate the firewall's state tracking and access blocked services.

Description

Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thomas Lopatic · cremotemultiple

https://www.exploit-db.com/exploits/20519

View Code ZIP pw:eip

This exploit leverages a vulnerability in Check Point VPN-1/Firewall-1's Fast Mode, allowing bypass of access controls via malformed fragmented TCP segments. It crafts three fragmented packets to manipulate the firewall's state tracking and access blocked services.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Check Point VPN-1/Firewall-1 (Fast Mode enabled)

No auth needed

Prerequisites: Fast Mode enabled on firewall · At least one accessible TCP service on the target host

MITRE ATT&CK

T1205 - Traffic Signaling T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2000-12/0271.html

Scores

EPSS 0.0243

EPSS Percentile 82.1%

Details

Status published

Products (1)

checkpoint/firewall-1 4.1 sp2

Published Feb 12, 2001

Tracked Since Feb 18, 2026