HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-24919

CVSS 8.6v3.1pub. 2024-05-28upd. 2025-10-24

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • Checkpoint Cloudguard Network Security

    APP
    Checkpoint
    r80.40r81r81.10r81.20
  • Checkpoint Quantum Security Gateway

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Security Gateway Firmware

    OS
    Checkpoint
    r80.40r81r81.10r81.20
  • Checkpoint Quantum Spark

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Spark Firmware

    OS
    Checkpoint
    r80.20r80.40r81r81.10

CISA KEV — detailsi

Vendori
Check Point
Producti
Quantum Security Gateways
Added to KEVi
May 30, 2024
Remediation deadline (US Federal)i
June 20, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 20 czerwca 2024
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2024-24914HIGH8.0ten sam produkt

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Secu...

CVE-2021-30361MEDIUM6.7ten sam produkt

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Cli...

CVE-2021-3449MEDIUM5.9ten sam produkt

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client....

CVE-2026-50751CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Auth Bypass w Check Point VPN — pominięcie uwierzytelnienia przez błąd IKEv1

CVE-2019-8459CRITICAL9.8ten sam vendor

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process ...