Appliance Details
Check Point Security Gateways are a comprehensive security platform that prevents threats, and prioritises risks across applications, network, and workloads.
Vulnerability
A vulnerability has been discoverd that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
Identification
Exploiting this vulnerability could result in accessing sensitive information on the Security Gateway. This, in certain scenarios, could potentially lead the attacker to move laterally and gain domain admin privileges.
POST /clients/MyCRL
PAYLOAD -
aCSHELL/../../../../../../../etc/shadow
Detection
By turning this into a traffic file and matching rule, we are able to detect attempts to gain unauthorised access to the system.
Coverage
Idappcom have created signature 8024989 along with a traffic file for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
Comments