CVE-2024-24919 PoC — Information disclosure

Source

https://github.com/zxcod3/CVE-2024-24919

Associated Vulnerability

Title:Information disclosure (CVE-2024-24919)
Description:Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Readme

# CVE-2024-24919

## Description
CVE-2024-24919 is a critical information disclosure vulnerability affecting various Check Point security products, including Quantum Security Gateways and CloudGuard. It has a high CVSS score of 8.6 and allows unauthenticated attackers to read sensitive files from the affected devices, such as /etc/passwd, /etc/shadow, and configuration files related to network security and VPNs. This means attackers can potentially gain domain privileges and access sensitive information without user interaction or special privileges


## How It Works
The script allows the user to input an IP address and a port, then sends POST requests to a specific endpoint (`/clients/MyCRL`) for various configuration files (such as `/etc/passwd`, `/etc/shadow`, among others). The script indicates whether the request was successful or failed, marking successful responses with an 'O' and failed ones with an 'X'.

## Installation

```bash
git clone https://https://github.com/skyrowalker/CVE-2024-24919.git
cd CVE-2024-24919
pip install -r requirements.txt
python3 CVE-2024-24919.py
```

## Images

![alt text](image-4.png)
![alt text](image-5.png)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →