Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware CVE-2024-24919

Name: Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware CVE-2024-24919
Rating: 5 (215 reviews)

2024-06-03 | CVSS 8.6

## https://sploitus.com/exploit?id=91CAA14F-7CB2-5896-A717-5C3C1656F3A5
# CVE-2024-24919-PoC

![Screenshot of the exploit running.](https://github.com/0nin0hanz0/CVE-2024-24919-PoC/blob/main/screenshot.png)

## Vulnerability References
* https://nvd.nist.gov/vuln/detail/CVE-2024-24919
* https://censys.com/cve-2024-24919/
* https://vulners.com/cve/CVE-2024-24919
* https://support.checkpoint.com/results/sk/sk182336 (Hotfix)

## About CVE-2024-24919
The vulnerability allows an unauthenticated remote attacker to read certain files on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway and, in certain scenarios, can potentially lead the attacker to move laterally and gain domain admin privileges.

## Search Dorks
* **Shodan Dork:** title:"Check Point" || "Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7"
* **Fofa Dork:** app="Check_Point-SSL-Network-Extender"
* **Censys:**  risks.name="Vulnerable Check Point Quantum Spark Gateway [CVE-2024-24919]"
* **Nuclei Template:** https://github.com/johnk3r/nuclei-templates/blob/c226ece895c8e4e6aec22aff66f21e5b8b70e08e/http/cves/2024/CVE-2024-24919.yaml

## Instalation

- `git clone https://github.com/0nin0hanz0/CVE-2024-24919-PoC.git && cd CVE-2024-24919-PoC`
- `pip install -r requirements.txt`

## Run the Exploit
- For a single IP target: `python exploit.py --target 192.128.0.1`
- For a list of IP targets: `python exploit.py --file ips.txt` (file ips.txt ahould contain IPs [e.g. 192.168.1.1], one at each line. Results are written to file results.txt)

## LEGAL
This Proof of Concept source code (PoC) is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. The PoC developers assume no liability and are not responsible for any misuse or damage caused by this program.

This PoC is licensed under the [GNU General Public License](https://www.gnu.org/licenses/gpl-3.0.en.html).