Element Security Discovers Critical RCE Vulnerability in Check Point Security Gateways

TEL AVIV, Israel, Jan. 27, 2025 /PRNewswire-PRWeb/ -- Element Security, a leader in Continuous Threat Exposure Management (CTEM), has uncovered a critical Remote Code Execution (RCE) vulnerability in Check Point Security Gateways, enabled through the exploitation of CVE-2021-40438. This discovery exposes significant risks for organizations relying on outdated or unpatched software versions.

About the Vulnerability

CVE-2021-40438 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server's mod_proxy module. It can be exploited to redirect server requests to unintended destinations, potentially exposing sensitive data or allowing unauthorized access. Although Check Point addressed the issue in 2022, many systems remain vulnerable because updates were never applied or because they run end-of-life software.

Element Security researchers identified the RCE vulnerability during internal testing of a related flaw, CVE-2024-24919. By analyzing Check Point's software, they discovered that an outdated version of Apache left gateways susceptible to CVE-2021-40438.

Escalating SSRF to RCE

The potential impact of this vulnerability extends far beyond a typical SSRF attack. Leveraging CVE-2021-40438, Element Security researchers identified a method to achieve Remote Code Execution (RCE) by modifying the original SSRF payload to interact directly with UNIX sockets.

    --  Gateway Configuration Exposure: By interacting with the /tmp/xdumps UNIX
        socket, attackers could use a simple HTTP request to dump the gateway
        configuration, which includes sensitive information such as user
        accounts and password hashes.
    --  Remote Code Execution: Further research revealed the /tmp/xsets UNIX
        socket, which utilized a proprietary binary protocol. By analyzing its
        communication patterns, they reverse-engineered the protocol and
        discovered its ability to modify gateway configuration parameters.
        Leveraging this insight, the researchers crafted a payload to reset the
        admin password, leading to a full system compromise.
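As an added example (not code from Element Security, Check Point, or the research blog the release refers to), the following Python script scans Apache access log lines for the two indicators a defender would watch for after reading the above: a `unix:` socket scheme inside a request target, which no legitimate browser ever sends to a public-facing gateway, and any reference to the `/tmp/xdumps` or `/tmp/xsets` socket paths named in the release. The log lines are constructed for the example, the combined log format regex and the 1024-byte length threshold are assumptions, and the script is a triage aid, not a substitute for patching the Apache version in use.

```python
import re
from urllib.parse import unquote

# Apache "combined" log format (assumed); only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# mod_proxy's UNIX-socket scheme; it should never appear in an external request.
UNIX_SCHEME = re.compile(r"unix:", re.IGNORECASE)

# Socket paths named in the advisory text; treat any reference as high priority.
SENSITIVE_SOCKETS = ("/tmp/xdumps", "/tmp/xsets")

# Request targets longer than this are unusual for ordinary web traffic (assumed threshold).
LONG_TARGET = 1024

# Constructed sample log lines (not real traffic). Line 2 carries a padded unix: target,
# line 3 names a sensitive socket, line 4 hides the same thing behind URL encoding.
SAMPLE_LOG = (
    '203.0.113.10 - - [27/Jan/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"\n'
    '203.0.113.11 - - [27/Jan/2025:10:00:02 +0000] "GET /?unix:' + "A" * 1100 +
    ' HTTP/1.1" 502 0 "-" "curl/8.0"\n'
    '203.0.113.12 - - [27/Jan/2025:10:00:03 +0000] "GET /?unix:/tmp/xdumps HTTP/1.1" 200 4096 "-" "python-requests/2.31"\n'
    '203.0.113.13 - - [27/Jan/2025:10:00:04 +0000] "GET /search?q=unix%3A%2Ftmp%2Fxsets HTTP/1.1" 200 77 "-" "Mozilla/5.0"\n'
)


def parse_line(line):
    """Return the captured log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def assess_target(target):
    """Return a list of human-readable reasons why a request target looks like socket abuse.

    The target is URL-decoded once so that percent-encoded variants are not missed.
    """
    decoded = unquote(target)
    reasons = []
    if UNIX_SCHEME.search(decoded):
        reasons.append("unix: socket scheme in request target")
        if len(decoded) > LONG_TARGET:
            reasons.append(f"request target longer than {LONG_TARGET} bytes")
    for sock in SENSITIVE_SOCKETS:
        if sock in decoded:
            reasons.append(f"references gateway IPC socket {sock}")
    return reasons


def scan(log_text):
    """Scan log text and return one finding per suspicious request, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = assess_target(entry["target"])
        if reasons:
            findings.append({
                "ip": entry["ip"],
                "timestamp": entry["ts"],
                "status": entry["status"],
                "target": entry["target"][:80],  # truncate for display
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']} {f['timestamp']} {f['status']} {f['target']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against a real access log, every hit deserves a look at the gateway's Apache version and patch status; a clean log does not prove the gateway is safe, only that nothing matching these two indicators was logged.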

Critical Lessons and Implications

This research highlights the critical risks associated with unpatched software and insecure inter-process communication (IPC) mechanisms. Organizations that have not updated their systems remain highly vulnerable, exposing themselves to potential exploitation, data breaches, and severe operational disruptions.

Element Security's Commitment to Proactive Security

Element Security ensured its customers were the first to benefit from this discovery. Immediate testing and actionable mitigation advice were delivered through the Element Security platform, empowering clients to address the vulnerability proactively.

"At Element Security, we redefine how organizations defend against threats through active testing and validation," said Daniel Lublin, CEO of Element Security. "This discovery reflects our commitment to original research, delivering actionable insights to protect our customers."

Availability

Further details and an in-depth analysis of the research are available on Element Security's Research blog post.

About Element Security

Element Security is a pioneer in cybersecurity, delivering a cutting-edge CTEM platform designed to continuously monitor, validate, and enhance the security of external attack surfaces. By combining advanced automation, innovative research, and actionable threat insights, Element Security empowers organizations to proactively mitigate risks and safeguard their operations against evolving cyber threats.

Media Contact
Omer Cohen, Element Security, 972 525607773, omer@element.security, https://element.security

View original content to download multimedia: https://www.prweb.com/releases/element-security-discovers-critical-rce-vulnerability-in-check-point-security-gateways-302360658.html

SOURCE Element Security