daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2024-24919.yaml

patch-3
johnk3r 2024-05-30 00:48:57 -03:00 committed by GitHub
parent 03e7aa0bc8
commit 00be053b24
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
http/cves/2024/CVE-2024-24919.yaml
View File

@ -1,9 +1,13 @@
id: CVE-2024-24919 id: CVE-2024-24919
info: info:
name: CVE-2024-24919 name: Check Point R81, R80, R77, R75 - Arbitrary File Read
author: johnk3r author: johnk3r
severity: medium severity: high
description: |
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
reference:
- https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
metadata: metadata:
max-request: 1 max-request: 1
vendor: checkpoint vendor: checkpoint
@ -21,8 +25,12 @@ http:
- type: regex - type: regex
part: body part: body
regex: regex:
- "root:" - "monitor:\\*:"
- "cpep_user:" - "root:\\*:"
- "cp_routeevt:\\*:"
- "cp_postgres:\\*:"
- "cp_extensions:\\*:"
- "cpep_user:\\*:"
- type: status - type: status
status: status: