8.6

CVE-2024-24919

Warnung

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CheckpointQuantum Spark Firmware Versionr80.40
   CheckpointQuantum Spark Version-
CheckpointQuantum Spark Firmware Versionr81
   CheckpointQuantum Spark Version-
CheckpointQuantum Spark Firmware Versionr81.10
   CheckpointQuantum Spark Version-
CheckpointQuantum Spark Firmware Versionr80.20
   CheckpointQuantum Spark Version-

30.05.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Check Point Quantum Security Gateways Information Disclosure Vulnerability

Schwachstelle

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.34% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cve@checkpoint.com 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://support.checkpoint.com/results/sk/sk182336
Patch
Vendor Advisory
Mitigation