1. Home
  2. Vulnerabilities
  3. CVE-2024-24919

CVE-2024-24919

CVSS v3.1 8.6 (High)
86% Progress
EPSS 94.40 % (99th)
94.40% Progress
Affected Products 5
Advisories 1
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Check Point Software Technologies Ltd.
Published Date
2024-05-28 19:15:10
(3 months ago)
Updated Date
2024-05-31 16:04:09
(3 months ago)
Check Point Quantum Security Gateways Information Disclosure Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://support.checkpoint.com/results/sk/sk182336
Vendor
Check Point
Product
Quantum Security Gateways
In CISA Catalog from
2024-05-30
(3 months ago)
Due Date
2024-06-20
(2 months ago)

Affected Products

Checkpoint

Configuration #1

AND
    CPE23 From Up To
OR  
  Checkpoint Quantum Security Gateway Firmware R80.40 cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40
OR  
  Running on/with
  Checkpoint Quantum Security Gateway cpe:2.3:h:checkpoint:quantum_security_gateway:-

Configuration #2

    CPE23 From Up To
  Checkpoint Cloudguard Network Security R80.40 cpe:2.3:a:checkpoint:cloudguard_network_security:r80.40
  Checkpoint Cloudguard Network Security R81.0 cpe:2.3:a:checkpoint:cloudguard_network_security:r81.0
  Checkpoint Cloudguard Network Security R81.10 cpe:2.3:a:checkpoint:cloudguard_network_security:r81.10
  Checkpoint Cloudguard Network Security R81.20 cpe:2.3:a:checkpoint:cloudguard_network_security:r81.20

Configuration #3

AND
    CPE23 From Up To
OR  
  Checkpoint Quantum Security Gateway Firmware R81.20 cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.20
OR  
  Running on/with
  Checkpoint Quantum Security Gateway cpe:2.3:h:checkpoint:quantum_security_gateway:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Checkpoint Quantum Security Gateway Firmware R81.10 cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.10
OR  
  Running on/with
  Checkpoint Quantum Security Gateway cpe:2.3:h:checkpoint:quantum_security_gateway:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Checkpoint Quantum Security Gateway Firmware R81.0 cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.0
OR  
  Running on/with
  Checkpoint Quantum Security Gateway cpe:2.3:h:checkpoint:quantum_security_gateway:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Checkpoint Quantum Spark Firmware R81.10 cpe:2.3:o:checkpoint:quantum_spark_firmware:r81.10
OR  
  Running on/with
  Checkpoint Quantum Spark cpe:2.3:h:checkpoint:quantum_spark:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Checkpoint Quantum Spark Firmware R80.20 cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.20
OR  
  Running on/with
  Checkpoint Quantum Spark cpe:2.3:h:checkpoint:quantum_spark:-