|
20283 | 20283 |
|
20284 | 20284 | ] |
20285 | 20285 | }, |
| 20286 | + "auxiliary_gather/checkpoint_gateway_fileread_cve_2024_24919": { |
| 20287 | + "name": "Check Point Security Gateway Arbitrary File Read", |
| 20288 | + "fullname": "auxiliary/gather/checkpoint_gateway_fileread_cve_2024_24919", |
| 20289 | + "aliases": [ |
| 20290 | + |
| 20291 | + ], |
| 20292 | + "rank": 300, |
| 20293 | + "disclosure_date": null, |
| 20294 | + "type": "auxiliary", |
| 20295 | + "author": [ |
| 20296 | + "remmons-r7" |
| 20297 | + ], |
| 20298 | + "description": "This module leverages an unauthenticated arbitrary root file read vulnerability for\n Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades\n are enabled on affected devices, traversal payloads can be used to read any files on\n the local file system. Password hashes read from disk may be cracked, potentially\n resulting in administrator-level access to the target device. This vulnerability is\n tracked as CVE-2024-24919.", |
| 20299 | + "references": [ |
| 20300 | + "URL-https://support.checkpoint.com/results/sk/sk182336", |
| 20301 | + "URL-https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/", |
| 20302 | + "URL-https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/" |
| 20303 | + ], |
| 20304 | + "platform": "", |
| 20305 | + "arch": "", |
| 20306 | + "rport": 443, |
| 20307 | + "autofilter_ports": [ |
| 20308 | + 80, |
| 20309 | + 8080, |
| 20310 | + 443, |
| 20311 | + 8000, |
| 20312 | + 8888, |
| 20313 | + 8880, |
| 20314 | + 8008, |
| 20315 | + 3000, |
| 20316 | + 8443 |
| 20317 | + ], |
| 20318 | + "autofilter_services": [ |
| 20319 | + "http", |
| 20320 | + "https" |
| 20321 | + ], |
| 20322 | + "targets": null, |
| 20323 | + "mod_time": "2024-06-13 08:14:35 +0000", |
| 20324 | + "path": "/modules/auxiliary/gather/checkpoint_gateway_fileread_cve_2024_24919.rb", |
| 20325 | + "is_install_path": true, |
| 20326 | + "ref_name": "gather/checkpoint_gateway_fileread_cve_2024_24919", |
| 20327 | + "check": true, |
| 20328 | + "post_auth": false, |
| 20329 | + "default_credential": false, |
| 20330 | + "notes": { |
| 20331 | + "Stability": [ |
| 20332 | + "crash-safe" |
| 20333 | + ], |
| 20334 | + "SideEffects": [ |
| 20335 | + |
| 20336 | + ], |
| 20337 | + "Reliability": [ |
| 20338 | + |
| 20339 | + ] |
| 20340 | + }, |
| 20341 | + "session_types": false, |
| 20342 | + "needs_cleanup": false, |
| 20343 | + "actions": [ |
| 20344 | + |
| 20345 | + ] |
| 20346 | + }, |
20286 | 20347 | "auxiliary_gather/checkpoint_hostname": { |
20287 | 20348 | "name": "CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure", |
20288 | 20349 | "fullname": "auxiliary/gather/checkpoint_hostname", |
|
0 commit comments