Checkpoint

Quantum Security Gateway

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung Medienbericht
  • EPSS 70.1%
  • Veröffentlicht 08.06.2026 11:07:15
  • Zuletzt bearbeitet 09.06.2026 18:30:55

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user...

Medienbericht
  • EPSS 4.86%
  • Veröffentlicht 08.06.2026 11:00:38
  • Zuletzt bearbeitet 08.06.2026 14:57:49

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based au...

  • EPSS 2.61%
  • Veröffentlicht 26.05.2026 12:57:19
  • Zuletzt bearbeitet 26.05.2026 19:09:11

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.

Medienbericht
  • EPSS 4.36%
  • Veröffentlicht 26.05.2026 12:57:07
  • Zuletzt bearbeitet 26.05.2026 19:09:11

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserC...

Medienbericht
  • EPSS 4.75%
  • Veröffentlicht 26.05.2026 12:56:56
  • Zuletzt bearbeitet 26.05.2026 19:09:11

When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.

Medienbericht
  • EPSS 2.14%
  • Veröffentlicht 26.05.2026 12:56:47
  • Zuletzt bearbeitet 26.05.2026 19:09:11

The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to deni...

Medienbericht
  • EPSS 2.66%
  • Veröffentlicht 26.05.2026 12:56:08
  • Zuletzt bearbeitet 26.05.2026 19:09:11

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption...

  • EPSS 0.4%
  • Veröffentlicht 07.11.2024 12:15:24
  • Zuletzt bearbeitet 26.08.2025 16:40:18

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.