[CISA-2024:0530] CISA Adds 2 Known Exploited Vulnerabilities to Catalog

Severity: High
CVEs: 2

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

[CVE-2024-1086] Linux Kernel Use-After-Free Vulnerability

Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.


[CVE-2024-24919] Check Point Quantum Security Gateways Information Disclosure Vulnerability

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

  • Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Known To Be Used in Ransomware Campaigns?: Unknown
  • Vendor: Check Point
  • Product: Quantum Security Gateways
  • Due Date: Thu Jun 20 00:00:00 2024
  • Notes: https://support.checkpoint.com/results/sk/sk182336

ID: CISA-2024:0530
Severity: high
Severity from: CVE-2024-24919
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Published: 2024-05-30T00:00:00
Modified: 2024-05-30T00:00:00