Information disclosure in Check Point Quantum Gateway

1) Path traversal

EUVDB-ID: #VU89894

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-24919

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a insufficient validation of file path in Security Gateways with IPSec VPN, Remote Access VPN and the Mobile Access software blade. A remote non-authenticated attacker can send a specially crafted HTTP request and view arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Gaia: R77 - R81.20 Take 54

CPE2.3

• cpe:2.3:o:check_point_software_technologies:gaia:R81.10 Take 338:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R81.20 Take 54:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R81 Take 92:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R80.40 Take 211:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R80.30 Take 255:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R80.10 Take 272:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R80.20 Take 334:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R80:*:*:*:*:*:*:*
• cpe:2.3:o:check_point_software_technologies:gaia:R77.30:*:*:*:*:*:*:*

External links

http://support.checkpoint.com/results/sk/sk182336
http://blog.checkpoint.com/security/enhance-your-vpn-security-posture

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.