Keep in mind that Gaia is a hardened, purpose-built OS based on Red Hat Enterprise Linux.
Many findings a Rapid7-type product would find would be false positives as we patch our images for relevant, known vulnerabilities.
If you're actually logging into the device with valid credentials (e.g. via SSH), you will get, by default, a restricted shell (clish) that does not allow access to most common Unix commands that could be used for privilege escalation.
Whether Rapid7 knows how to navigate clish is a separate question.
The only way you can get to a proper Unix-type shell on a Check Point appliance is:
- Entering "expert" mode from clish (which requires valid credentials)
- Explicitly setting the shell for a given user to something other than clish (not default configuration) and logging in as that user.
Any shell-based privilege escalations can be mitigated by strictly limiting access to expert mode and ensuring all users that log in use clish.
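One way to verify the mitigation described in this post (that every account which can log in lands in clish rather than a full Unix shell) is to audit the appliance's password database for accounts whose login shell is something else. The script below is an added example and not code from the original post or from Check Point; it assumes that clish is registered as `/etc/cli.sh` in `/etc/passwd` and that human accounts start at UID 100, both of which are assumptions you should confirm against your own appliance. The sample passwd content is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or from Check Point.
# Audit a Gaia-style /etc/passwd for interactive accounts whose login
# shell is not clish. Assumptions (not stated on the page): clish is
# registered as /etc/cli.sh, and human accounts have UID >= 100.

CLISH_SHELL="/etc/cli.sh"
MIN_HUMAN_UID=100

# Print "user:shell" for every account with UID >= MIN_HUMAN_UID whose
# shell is neither clish nor a nologin/false placeholder shell.
find_non_clish_users() {
    passwd_file="$1"
    awk -F: -v clish="$CLISH_SHELL" -v minuid="$MIN_HUMAN_UID" '
        $3 >= minuid && $7 != clish && $7 !~ /(nologin|false)$/ {
            print $1 ":" $7
        }
    ' "$passwd_file"
}

# Return 0 when every interactive account uses clish, 1 when at least
# one account would get a full shell at login.
audit_passwd() {
    if [ -n "$(find_non_clish_users "$1")" ]; then
        return 1
    fi
    return 0
}

# Constructed sample shaped like a Gaia /etc/passwd; not real data.
SAMPLE_PASSWD="$(mktemp)"
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
admin:x:100:100:admin:/home/admin:/etc/cli.sh
netops:x:101:100:netops:/home/netops:/etc/cli.sh
svcacct:x:102:100:service account:/home/svcacct:/bin/bash
EOF

# Run with --demo to list findings for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    find_non_clish_users "$SAMPLE_PASSWD"
    if audit_passwd "$SAMPLE_PASSWD"; then
        echo "OK: all interactive accounts use clish"
    else
        echo "FINDING: accounts with a non-clish shell are present"
    fi
fi
```

On a real appliance you would point `find_non_clish_users` at `/etc/passwd` from expert mode (or collect the file through your normal configuration-backup process) and treat any reported account as a deviation from the "everyone logs in via clish" baseline the post recommends.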