CVE-2003-0757

Check Point FireWall-1 <4.1 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0757. PoCs published by Jim Becher.

AI-analyzed exploit summary: This exploit targets an information leakage vulnerability in Check Point Firewall-1 by connecting to ports 264 or 256 and sending specific byte sequences to retrieve internal network IP addresses. The code iterates over a range of IP addresses to identify vulnerable hosts.

Description

Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jim Becher · cdoshardware
https://www.exploit-db.com/exploits/23087

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Check Point Firewall-1 v4.1 or earlier
Authentication: No auth needed
Prerequisites: Network access to target IP range · Ports 256 or 264 accessible
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html

Scores

EPSS 0.0234
EPSS Percentile 81.5%

Details

Status published
Products (2)
checkpoint/firewall-1 4.0
checkpoint/firewall-1 4.1
Published Oct 20, 2003
Tracked Since Feb 18, 2026