3th June 2024
Summary
Last Thursday watchTowr Labs published their vulnerability research on a high severity vulnerability CVE-2024-24919 on the CloudGuard Network Security appliances. CVE-2024-24919 (CVSS:3.1: 8.6) is a Path Traversal Vulnerability which allows an attacker to traverse the file system and request local files if exploited. The exploit is currently being used in the wild by real attackers, and the attack complexity is low. There is a high potential impact to confidentiality, as an attacker can obtain highly sensitive information. Device administrators are urged to update as soon as possible. This, in certain scenarios, can potentially lead the attacker to move laterally and gain domain admin privileges.
Affected Versions
See the affected versions in the table below:
Product | Version |
CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances | R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20 |
Fixed Version
The problem was fixed in these Jumbo Hotfix Accumulators:
Version | Take # |
R81.20 Jumbo Hotfix Accumulator | Latest Take 65 |
R81.10 Jumbo Hotfix Accumulator | Latest Take 150 |
R81 Jumbo Hotfix Accumulator | Coming soon |
Recommendations
Customers are urged to install the aforementioned Jumbo Hotfix Accumulator. Alternatively, there is also a hotfix available here.