CVE-2024-24919 Scanner

Check Point Quantum Gateway is a security solution used by organizations to protect their network infrastructure. It is commonly deployed by IT departments to ensure secure communication through features like IPSec VPN, remote access VPN, and mobile access software blades. This product is widely utilized in enterprise environments to safeguard against unauthorized access and data breaches. By providing robust network security, it helps maintain the integrity and confidentiality of sensitive information. Check Point Quantum Gateway is essential for organizations seeking comprehensive network security solutions.

The Information Disclosure vulnerability in Check Point Quantum Gateway, identified as CVE-2024-24919, allows attackers to access sensitive information. This issue arises when the gateway is configured with IPSec VPN, remote access VPN, or mobile access software blade. An attacker can exploit this vulnerability to obtain critical data such as system files. This can lead to potential security breaches and unauthorized data access.

CVE-2024-24919 affects Check Point Quantum Gateways that are set up with certain VPN configurations. The vulnerability is triggered by sending a crafted HTTP request to the gateway's endpoint, specifically targeting the "/clients/MyCRL" path. The malicious request includes a payload that attempts to traverse directories and access sensitive files like "/etc/shadow". If successful, the server responds with critical information from these files. The presence of this flaw can be verified if the response body contains patterns indicating access to user credential files, such as "root:." and "nobody:.".

Exploitation of this vulnerability can lead to severe security implications. An attacker gaining access to the "/etc/shadow" file can compromise system credentials, potentially leading to unauthorized access and privilege escalation. This can further enable the attacker to manipulate or steal sensitive data, disrupt services, and cause significant damage to the organization's network security. Such breaches can result in data loss, reputational damage, and financial loss.

Join SecurityforEveryone today to leverage our advanced cyber threat exposure management platform. By using our service, you can ensure your digital assets are continuously monitored for vulnerabilities like CVE-2024-24919. Our platform provides detailed reports and actionable insights, helping you maintain robust security measures. Protect your organization from potential breaches and keep your network secure with our comprehensive scanning and alerting capabilities. Become a member now to stay ahead of cyber threats and safeguard your sensitive information.

References:

• https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
• https://support.checkpoint.com/results/sk/sk182337