
Summary
CVE-2024-24919 is a vulnerability in Check Point Security Gateways that allows unauthorized remote attackers to exploit a flaw in the file handling mechanism and read arbitrary files. It is especially dangerous because attackers can reach sensitive data, such as password hashes, which could facilitate further malicious activity, including lateral movement within a compromised network. The vulnerable components are the IPSec VPN or Mobile Access blades, and the vulnerability is reported to be actively exploited in the wild. The proposed detection rule identifies exploitation attempts through specific URI paths related to client certificate revocation lists (CRL) and a directory known as CSHELL. Its logic searches Cloudflare Web Application Firewall logs for patterns characteristic of exploitation attempts, including common methods such as directory traversal. By monitoring for these attempts over a recent timeframe, the rule seeks to mitigate the risks associated with this zero-day vulnerability.
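The matching described above can be sketched as follows; this is an added example, not the rule's own query. It assumes Cloudflare HTTP request log records with `ClientRequestURI`, `ClientIP` and `EdgeStartTimestamp` fields, a 24-hour lookback, and the lowercase substrings `crl` and `cshell` as stand-ins for the rule's exact path strings, which the page does not show.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Assumed markers: the page names only "CRL" and "CSHELL", not the rule's exact strings.
MARKERS = ("crl", "cshell")
TRAVERSAL = re.compile(r"\.\.[/\\]")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded ../ both surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def indicators(uri):
    """Return the indicators found in one request URI, after decoding."""
    text = fully_decode(uri).lower()
    found = [m for m in MARKERS if m in text]
    if TRAVERSAL.search(text):
        found.append("traversal")
    return found

def detect(records, now, lookback=timedelta(hours=24)):
    """Flag in-window records whose URI pairs a marker with a traversal sequence."""
    alerts = []
    for rec in records:
        seen = datetime.fromisoformat(rec["EdgeStartTimestamp"].replace("Z", "+00:00"))
        if not (now - lookback <= seen <= now):
            continue
        found = indicators(rec["ClientRequestURI"])
        if "traversal" in found and len(found) > 1:
            alerts.append({"ClientIP": rec["ClientIP"], "indicators": found})
    return alerts

# Constructed sample records (documentation IP ranges, placeholder paths and target name).
SAMPLE = [
    {"EdgeStartTimestamp": "2024-06-01T10:00:00Z", "ClientIP": "198.51.100.7",
     "ClientRequestURI": "/vpn/crl?name=CSHELL/../../../TARGET"},
    {"EdgeStartTimestamp": "2024-06-01T10:05:00Z", "ClientIP": "198.51.100.8",
     "ClientRequestURI": "/vpn/crl?name=CSHELL%252f..%252f..%252fTARGET"},
    {"EdgeStartTimestamp": "2024-06-01T10:06:00Z", "ClientIP": "203.0.113.5",
     "ClientRequestURI": "/vpn/crl/ca.crl"},
    {"EdgeStartTimestamp": "2024-05-20T09:00:00Z", "ClientIP": "198.51.100.9",
     "ClientRequestURI": "/vpn/crl?name=CSHELL/../TARGET"},
]
NOW = datetime.fromisoformat("2024-06-01T12:00:00+00:00")
```

Decoding before matching is what keeps the double-encoded request from slipping past a literal `../` pattern, and requiring a marker alongside the traversal keeps an ordinary CRL fetch from alerting.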
Categories
- Web
Data Sources
- Web Credential
- Network Traffic
ATT&CK Techniques
- T1083
Created: 2024-02-09