Auto Update Nuclei [Thu Sep 19 18:25:56 UTC 2024] :robot:

0x727 · Sep 19, 2024 · 8d85915 · 8d85915
1 parent 53ee6ad
commit 8d85915
Showing 1 changed file with 14 additions and 4 deletions.
diff --git a/plugins/checkpoint/quantum_security_gateway/CVE-2024-24919.yaml b/plugins/checkpoint/quantum_security_gateway/CVE-2024-24919.yaml
@@ -2,13 +2,24 @@ id: CVE-2024-24919
 
 info:
   name: Check Point Quantum Gateway - Information Disclosure
-  author: johnk3r
+  author: johnk3r,s4e-io
   severity: high
   description: |
-    CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade.
+    Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
   reference:
     - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
     - https://support.checkpoint.com/results/sk/sk182337
+    - https://s4e.io/tools/check-point-quantum-gateway-information-disclosure-cve-2024-24919
+    - https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html
+    - https://censys.com/cve-2024-24919/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.6
+    cve-id: CVE-2024-24919
+    cwe-id: CWE-200
+    epss-score: 0.94543
+    epss-percentile: 0.99271
+    cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 1
@@ -18,7 +29,6 @@ info:
       - html:"Check Point SSL Network"
       - http.html:"check point ssl network"
     fofa-query: body="check point ssl network"
-    cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
   tags: cve,cve2024,checkpoint,lfi
 
 http:
@@ -42,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009afc265207776c9f9b1141fe6d3ee1d95636a46c187f30031ad4d91454e24c80022074c76d77fa0af466c7c78777681ecec941e3bd46946c9604f7e24a476aa1617e:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220560232e258cd722d9168aee8b8f24b58c7c084b3f064c2ca767d36af48108a29022001385445994c7371532506b27da6c7cea282a246f2b94aac34b6f04f1a293851:922c64590222798bb761d5b6d8e72950