From 00be053b247495a14d7907cd8f3cf532ac626f4e Mon Sep 17 00:00:00 2001
From: johnk3r <johnatan2camargo@gmail.com>
Date: Thu, 30 May 2024 00:48:57 -0300
Subject: [PATCH] Update CVE-2024-24919.yaml

---
 http/cves/2024/CVE-2024-24919.yaml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/http/cves/2024/CVE-2024-24919.yaml b/http/cves/2024/CVE-2024-24919.yaml
index 9dc5043337..287af21066 100644
--- a/http/cves/2024/CVE-2024-24919.yaml
+++ b/http/cves/2024/CVE-2024-24919.yaml
@@ -1,9 +1,13 @@
 id: CVE-2024-24919
 
 info:
-  name: CVE-2024-24919
+  name: Check Point R81, R80, R77, R75 - Arbitrary File Read
   author: johnk3r
-  severity: medium
+  severity: high
+  description: |
+    CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
+  reference:
+    - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
   metadata:
     max-request: 1
     vendor: checkpoint
@@ -21,8 +25,12 @@ http:
       - type: regex
         part: body
         regex:
-          - "root:"
-          - "cpep_user:"
+          - "monitor:\\*:"
+          - "root:\\*:"
+          - "cp_routeevt:\\*:"
+          - "cp_postgres:\\*:"
+          - "cp_extensions:\\*:"
+          - "cpep_user:\\*:"
 
       - type: status
         status: