#CloudGuard

2024-06-27

Curious about WAF as a Service? Learn how it can act as a critical protection for corporate web applications and APIs, protecting them against exploitation and potential misuse: checkpoint.com/cyber-hub/cloud

#cloudsecurity #CloudGuard #LevelUpYourWAF

2024-05-31

WatchTowr Labs discovered a significant vulnerability, CVE-2024-24919, in Check Point's CloudGuard Network Security appliances. This flaw allows attackers to perform an arbitrary file read operation, specifically targeting the shadow password file, which grants them the ability to read any file on the system if run as a superuser. The researchers demonstrated this by sending a crafted HTTP request to the device, resulting in the return of the shadow password file content. Despite the vendor's claim that the vulnerability only affects devices with username-and-password authentication enabled, the researchers found no clear reason for this limitation based on the code analysis. They also noted the vendor's remediation advice, suggesting placing the vulnerable device behind another hardened device, which they found amusing due to its impracticality.

The discovery process involved analyzing the decompiled code to identify paths that could lead to file traversal and reading operations. The researchers highlighted a particular string table comparison mechanism that, when manipulated, allowed them to specify a directory traversal path in their request. This led to the successful retrieval of the shadow password file, showcasing the potential impact of the vulnerability.

WatchTowr Labs expressed concern over the vendor's downplaying of the severity of the bug, especially since it is already being exploited in the wild. They emphasized the importance of treating this as a full unauthenticated remote code execution (RCE) vulnerability and urged device administrators to update their systems immediately. The vendor, Check Point, has released a hotfix to address the issue, which administrators are advised to apply.

labs.watchtowr.com/check-point

support.checkpoint.com/results

#cybersecurity #checkpoint #cloudguard #vulnerability #cve #rce #hotfix #update #watchtowr

🛡 H3lium@infosec.exchange/:~# (H3liumb0y@infosec.exchange)
2024-05-30

Check Point Vulnerability Report: CVE-2024-24919

Date: May 29, 2024

CVE: CVE-2024-24919

Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

CWE: CWE-22, CWE-425

Sources: Check Point, Tenable (CVE-2024-24919 | Tenable®), Tenable Blog

Synopsis

A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

Issue Summary

The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

Technical Key Findings

The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

Vulnerable Products

  • Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

Impact Assessment

Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

Patches or Workaround

Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

Tags

#CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence
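
The posts above describe a string-table comparison that let a traversal path through to a file read. The following is an added example, not code from the posts, WatchTowr Labs or Check Point: it assumes the comparison was a substring match (the posts do not say), and the allow-list entries and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list (constructed for this example, not the appliance's table).
   Entries ending in '/' are directories; others are exact file names. */
static const char *const ALLOWED[] = { "docs/", "images/", "help.html" };
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

/* Weak check, assumed shape of the flaw: the request passes if an allow-listed
   string occurs anywhere in it, so "docs/" followed by "../" is accepted. */
bool weak_is_allowed(const char *req)
{
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (strstr(req, ALLOWED[i]) != NULL)
            return true;
    return false;
}

/* Hardened check: relative paths only, no empty, "." or ".." components, and
   the allow-listed entry must match from the first byte of the request. */
bool strict_is_allowed(const char *req)
{
    if (req[0] == '\0' || req[0] == '/' || strchr(req, '\\') != NULL)
        return false;
    for (const char *p = req; *p != '\0'; ) {
        size_t len = strcspn(p, "/");
        if (len == 0 || (len <= 2 && strspn(p, ".") >= len))
            return false;              /* "", "." or ".." component */
        p += len + (p[len] == '/');    /* step past the component and its '/' */
    }
    for (size_t i = 0; i < N_ALLOWED; i++) {
        size_t n = strlen(ALLOWED[i]);
        bool is_dir = ALLOWED[i][n - 1] == '/';
        if (is_dir ? strncmp(req, ALLOWED[i], n) == 0 : strcmp(req, ALLOWED[i]) == 0)
            return true;
    }
    return false;
}

int main(void)
{
    const char *samples[] = { "docs/guide.txt", "docs/../../etc/shadow", "help.html.bak" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s weak=%d strict=%d\n", samples[i],
               weak_is_allowed(samples[i]), strict_is_allowed(samples[i]));
    return 0;
}
```

The strict check is lexical only: it must run after any percent-decoding of the request, and a file server should additionally resolve the final path (for example with `realpath`) and confirm it stays under the served root so symlinks cannot escape it.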
