| Type | Arbitrary files read |
| Description | CVE-2024-24919 is a vulnerability in Check Point’s CloudGuard Network Security appliance that allows unauthorized actors to read arbitrary files due to improper path traversal protection. |
| The Impact of the Bug | Attackers can access sensitive files, including /etc/shadow, potentially compromising system security. This vulnerability is especially critical in systems using username-password authentication. |
| How to detect whether your application is vulnerable to this attack vector? | Check for systems running vulnerable versions of CloudGuard Network Security with username-password authentication enabled. |
| Exploitation | In-the-wild scripts for CVE-2024-24919 exploit the vulnerability in Check Point’s CloudGuard by sending specially crafted HTTP POST requests to read arbitrary files on the target system. They use a directory traversal payload, ‘aCSHELL/../../../../../../../{file_name}’, sent to the URL https://{ip}/clients/MyCRL. |
| References | https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/ |
| | https://github.com/un9nplayer/CVE-2024-24919 |
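
Detection logic for the request described in the Exploitation row, as an added example that is not part of the original page or of Check Point's tooling: it flags POST requests to /clients/MyCRL whose body contains `..` path segments, and also unwraps percent-encoded variants, which goes beyond the literal payload shown above. The JSON-lines log format, its field names (`src`, `method`, `url`, `body`) and the sample records are constructed assumptions.

```python
import json
from urllib.parse import unquote, urlsplit

TARGET_PATH = "/clients/mycrl"  # endpoint named on this page, lowercased for comparison

def _decode(value, rounds=3):
    """Percent-decode repeatedly so single and double encoding are both unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_probe(method, url, body):
    """True for a POST to /clients/MyCRL whose body contains '..' path segments."""
    if method.upper() != "POST":
        return False
    path = _decode(urlsplit(url).path).rstrip("/").lower()
    if path != TARGET_PATH:
        return False
    return ".." in _decode(body).replace("\\", "/").split("/")

def scan(lines):
    """Return (source, body) for each matching record; malformed lines are skipped."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(rec, dict):
            continue
        args = (str(rec.get(k) or "") for k in ("method", "url", "body"))
        if is_traversal_probe(*args):
            hits.append((rec.get("src"), rec.get("body")))
    return hits

# Constructed records in an assumed JSON-lines format (documentation IP ranges).
SAMPLE_LOG = [
    '{"src": "203.0.113.7", "method": "POST", "url": "/clients/MyCRL", "body": "aCSHELL/../../../../../../../etc/shadow"}',
    '{"src": "198.51.100.4", "method": "POST", "url": "/clients/MyCRL", "body": "aCSHELL%2f..%2f..%2fetc%2fshadow"}',
    '{"src": "192.0.2.15", "method": "POST", "url": "/clients/MyCRL", "body": "routine-crl-request"}',
    '{"src": "192.0.2.16", "method": "GET", "url": "/clients/MyCRL", "body": ""}',
    'truncated line, not JSON',
]

if __name__ == "__main__":
    for src, body in scan(SAMPLE_LOG):
        print(f"possible CVE-2024-24919 probe from {src}: {body!r}")
```

This only works where the logging point records request bodies, since the traversal string travels in the POST body rather than in the URL.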