CVE-2024-52885 – This directory traversal vulnerability in Check... (How to Fix)

Q: What is the severity of CVE-2024-52885?

CVE-2024-52885 has a CVSS score of 5.0 (MEDIUM). This directory traversal vulnerability in Check Point's Mobile Access Portal File Share application allows authenticated malicious users to list file names in directories accessible to the 'nobody' user account. It affects organizations using Check Point Mobile Access Portal with File Share functionality. Attackers must have valid credentials and access to at least one File Share application.

📋 TL;DR

This directory traversal vulnerability in Check Point's Mobile Access Portal File Share application allows authenticated malicious users to list file names in directories accessible to the 'nobody' user account. It affects organizations using Check Point Mobile Access Portal with File Share functionality. Attackers must have valid credentials and access to at least one File Share application.

💻 Affected Systems

Products:

Check Point Mobile Access Portal

Versions: All versions prior to R81.20.40, R81.10.90, R80.40.150

Operating Systems: Check Point Gaia OS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Mobile Access Portal and File Share application enabled. Requires authenticated user access.

📦 What is this software?

Mobile Access by Checkpoint

View all CVEs affecting Mobile Access →

Remote Access Vpn by Checkpoint

View all CVEs affecting Remote Access Vpn →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could map the file system structure, discover sensitive files, and potentially combine with other vulnerabilities for further exploitation.

🟠

Likely Case

Information disclosure of directory contents and file names that could aid in reconnaissance for targeted attacks.

🟢

If Mitigated

Limited exposure with proper access controls and monitoring in place.

🌐 Internet-Facing: MEDIUM - Requires authentication but exposes internal file structure to external attackers with valid credentials.

🏢 Internal Only: MEDIUM - Insider threats or compromised credentials could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access and knowledge of directory traversal techniques. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: R81.20.40, R81.10.90, or R80.40.150

Vendor Advisory: https://support.checkpoint.com/results/sk/sk183137

Restart Required: No

Instructions:

1. Log into Check Point Security Management Server. 2. Navigate to Software Updates. 3. Apply the relevant hotfix: R81.20.40, R81.10.90, or R80.40.150. 4. Verify the update completes successfully.

🔧 Temporary Workarounds

Disable File Share Application

Check Point Gaia OS

Temporarily disable the File Share functionality in Mobile Access Portal until patching is complete.

cpca_client disable fileshare

Restrict User Access

all

Review and tighten user permissions for Mobile Access Portal, limiting File Share access to essential users only.

🧯 If You Can't Patch

Implement strict access controls and monitor for unusual file listing activities
Segment network to isolate Mobile Access Portal from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check current version with: 'fw ver' and compare against vulnerable versions (pre-R81.20.40, R81.10.90, R80.40.150)

Check Version:

fw ver

Verify Fix Applied:

Verify version is R81.20.40, R81.10.90, or R80.40.150 or later using: 'fw ver'

📡 Detection & Monitoring

Log Indicators:

Unusual file listing requests in Mobile Access Portal logs
Multiple directory traversal patterns in access logs

Network Indicators:

Abnormal patterns of file enumeration requests to Mobile Access Portal

SIEM Query:

source="mobile_access_logs" AND ("../" OR "..\" OR "%2e%2e%2f") AND action="list"

📊 Metadata

CVE ID: CVE-2024-52885

CVSS v3 Score: 5.0 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE: CWE-35

EPSS Score: 0.07% exploit probability (22.1th percentile)

Published: August 6, 2025

Last Updated: August 27, 2025

🔗 References

https://support.checkpoint.com/results/sk/sk183137 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-52885, you might also want to check these: