8.6

CVE-2024-24919

Warning

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Data is provided by the National Vulnerability Database (NVD)
CheckpointQuantum Spark Firmware Versionr80.40
   CheckpointQuantum Spark Version-
CheckpointQuantum Spark Firmware Versionr81
   CheckpointQuantum Spark Version-
CheckpointQuantum Spark Firmware Versionr81.10
   CheckpointQuantum Spark Version-
CheckpointQuantum Spark Firmware Versionr80.20
   CheckpointQuantum Spark Version-

30.05.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Check Point Quantum Security Gateways Information Disclosure Vulnerability

Vulnerability

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 94.34% 0.999
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cve@checkpoint.com 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://support.checkpoint.com/results/sk/sk182336
Patch
Vendor Advisory
Mitigation