Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NCheckpoint Cloudguard Network Security
APPCheckpointr80.40r81r81.10r81.20Checkpoint Quantum Security Gateway
HWCheckpointwszystkie wersjeCheckpoint Quantum Security Gateway Firmware
OSCheckpointr80.40r81r81.10r81.20Checkpoint Quantum Spark
HWCheckpointwszystkie wersjeCheckpoint Quantum Spark Firmware
OSCheckpointr80.20r80.40r81r81.10
CISA KEV — detailsi
- Vendori
- Check Point
- Producti
- Quantum Security Gateways
- Added to KEVi
- May 30, 2024
- Remediation deadline (US Federal)i
- June 20, 2024(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
Related vulnerabilities
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Secu...
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Cli...
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client....
Auth Bypass w Check Point VPN — pominięcie uwierzytelnienia przez błąd IKEv1
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process ...