CVE-2024–24919: Zero-Day Vulnerability leads to unauthorized Information Disclosure in Checkpoint
Check Point has issued a urgent warning regarding a zero-day vulnerability discovered in its Network Security gateway products. This critical flaw poses a significant risk as threat actors have already exploited it in the wild. The vulnerability, with a CVSS score of 7.5, has the potential to allow attackers to access specific information on Internet-connected Gateways that have remote access VPN or mobile access enabled.
In today’s blog we will see what components are affected, how we can exploit this vulnerability and what are the possible remediation. Check Point has been at the forefront of developing innovative security technologies to protect businesses and organizations from cyber threats. Check Point’s cybersecurity products are widely used by businesses, government agencies, and organizations of all sizes to defend against cyber attacks and safeguard their digital assets and sensitive information.
Affected Components:
How to hunt, reproduce and verify the vulnerability?
Step 1: Check for the query in shodan (Server: “Check Point SVN Foundation”) to get the list of IPs where the affected components of checkpoint are hosted.
Step 2: Pick any of the target and open the instance in the browser. Make sure you intercept the request in Burp Suite.
Step 3: Forward the request to repeater and make the changes as shown in the screenshot. (GET=> POST and path traversal in body)
Step 4: Observe the response corresponding to the crafted request. It has been observed that the unauthorised user is able to read the local files data without any authentication or authorisation.
Remediation/Patches available?
Checkpoint has already released the Hotfix for the reported vulnerability. You can read about the patches here: https://support.checkpoint.com/results/sk/sk182336
Want to learn more and dig deeper?
I would suggest to go through the below-mentioned article which has explained bit by bit about this vulnerability as they are the original reporter of this CVE.
URL: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
STAY CURIOUS STAY PROTECTED !!
