## https://sploitus.com/exploit?id=1562A58E-1A45-56EF-BDBE-A65E8A6B3F77
# CVE-2026-50751 Check Point IKEv1 Scanner

A multi-threaded vulnerability scanner for **CVE-2026-50751**, a critical IKEv1 authentication bypass vulnerability affecting Check Point Quantum Security Gateways.

## Overview

Check Point Remote Access VPN systems with IKEv1 enabled are vulnerable to authentication bypass attacks. This tool detects whether IKEv1 is enabled on target systems; as the output examples below show, a target is reported as `VULNERABLE` when IKEv1 responds.

**CVE-2026-50751 Details:**
- **CVSS Score**: 9.8 (Critical)
- **Vulnerability**: IKEv1 authentication bypass in Check Point gateways
- **Attack Vector**: Network
- **Authentication Required**: None

---

## Features

- ✅ Parallel scanning of multiple targets
- ✅ Single IP or batch file input
- ✅ Support for both IKEv1 ports (500 and 4500)
- ✅ Customizable timeout and worker threads
- ✅ Color-coded results with summary
- ✅ Hostname resolution support

---

## Installation

```bash
# No dependencies required - uses only Python standard library
python3 cve_2026_50751_poc.py --help
```

---

## Usage

### Single Target
```bash
python cve_2026_50751_poc.py 192.168.1.1
```

### Multiple IPs
```bash
python cve_2026_50751_poc.py 192.168.1.1 10.0.0.1 172.16.0.5
```

### From File
```bash
python cve_2026_50751_poc.py -f targets.txt
```

### Both Ports (500 & 4500)
```bash
python cve_2026_50751_poc.py -f targets.txt --both-ports
```

### Custom Port
```bash
python cve_2026_50751_poc.py 192.168.1.1 -p 4500
```

### Tuning Performance
```bash
# Fast scan with 50 workers
python cve_2026_50751_poc.py -f targets.txt --both-ports -w 50 --timeout 2

# Slow network with higher timeout
python cve_2026_50751_poc.py -f targets.txt -w 5 --timeout 15
```

### Quiet Mode (No Banner)
```bash
python cve_2026_50751_poc.py 192.168.1.1 -q
```

---

## Target File Format

Create `targets.txt` with one IP/hostname per line:

```
# Comments are ignored
192.168.1.1
192.168.1.2
vpn.example.com
10.0.0.5

203.0.113.15
```

---

## Output Examples

**Vulnerable System:**
```
โš ๏ธ  192.168.1.100       | VULNERABLE  | Port 500
   โ””โ”€ IKEv1 Responding (56 bytes)
```

**Safe System:**
```
✅  192.168.1.101       | SAFE         | Port 500
```

**Unreachable System:**
```
โš ๏ธ  192.168.1.102       | FAILED       | Port 500
   โ””โ”€ Connection timeout
```

**Summary:**
```
Vulnerable: 2 | Safe: 8 | Failed: 1
```
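
How a reply such as the "IKEv1 Responding (56 bytes)" line above can be checked for an actual IKEv1 header, on either port, is sketched below. This is an added example, not the scanner's own code; `classify_ike` and `build_sample` are hypothetical names, and the sample datagrams are constructed rather than captured.

```python
import struct

# ISAKMP header, RFC 2408 section 3.1: cookies, next payload, version,
# exchange type, flags, message ID, total length (28 bytes, network order).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = bytes(4)  # RFC 3948: four zero bytes precede IKE on UDP 4500


def classify_ike(payload: bytes, port: int = 500) -> dict:
    """Classify one UDP payload seen on port 500 or 4500 (hypothetical helper)."""
    if port == 4500:
        # On 4500 anything without the marker is ESP or a NAT keepalive.
        if not payload.startswith(NON_ESP_MARKER):
            return {"ike": False, "reason": "no non-ESP marker"}
        payload = payload[len(NON_ESP_MARKER):]
    if len(payload) < ISAKMP_HDR.size:
        return {"ike": False, "reason": "shorter than ISAKMP header"}
    _, rcookie, _, version, exchange, _, _, length = ISAKMP_HDR.unpack_from(payload)
    major, minor = version >> 4, version & 0x0F
    if major not in (1, 2):
        return {"ike": False, "reason": f"unexpected major version {major}"}
    if length != len(payload):
        # Guards against unrelated UDP services that happen to answer.
        return {"ike": False, "reason": "length field mismatch"}
    return {
        "ike": True,
        "major": major,
        "minor": minor,
        "exchange_type": exchange,
        "responder_cookie_set": rcookie != bytes(8),
    }


def build_sample(major: int, exchange: int = 2, body_len: int = 28) -> bytes:
    """Constructed test datagram: valid header, zero-filled body (not a capture)."""
    header = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, 1, major << 4,
                             exchange, 0, 0, ISAKMP_HDR.size + body_len)
    return header + bytes(body_len)


if __name__ == "__main__":
    for label, data, port in [
        ("IKEv1 on 500", build_sample(1), 500),
        ("IKEv2 on 500", build_sample(2, exchange=34), 500),
        ("IKEv1 on 4500", NON_ESP_MARKER + build_sample(1), 4500),
    ]:
        print(label, classify_ike(data, port))
```

Only a result with `major == 1` shows IKEv1 answering; a byte count alone does not distinguish it from IKEv2 or from an unrelated UDP service.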

---

## Requirements

- Python 3.6+
- No external dependencies (uses only `socket`, `struct`, `threading`)

---

## Legal & Authorization

โš ๏ธ **Important**: Only run this scanner on systems you own or have explicit written permission to test. Unauthorized scanning may be illegal.

---

## References

- [Check Point SK185033](https://supportcenter.checkpoint.com/)
- [CVE-2026-50751 Details](https://nvd.nist.gov/vuln/detail/CVE-2026-50751)
- [IKEv1 vs IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange)

---

**Version:** 1.0  
**Status:** Production Ready  
**Last Updated:** 2026-06-10