CVE-2024-24919

HIGHCISA KEV

8.6

Descricao

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Detalhes CVE

Pontuacao CVSS v3.18.6

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado5/28/2024

Ultima modificacao10/24/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorCheck Point

ProdutoQuantum Security Gateways

Nome da vulnerabilidadeCheck Point Quantum Security Gateways Information Disclosure Vulnerability

Data inclusao KEV2024-05-30

Prazo de remediacao2024-06-20

Uso em ransomwareKnown

Produtos afetados

checkpoint:cloudguard_network_securitycheckpoint:quantum_security_gatewaycheckpoint:quantum_security_gateway_firmwarecheckpoint:quantum_sparkcheckpoint:quantum_spark_firmware

Fraquezas (CWE)

CWE-200

Referencias

https://support.checkpoint.com/results/sk/sk182336(cve@checkpoint.com)

https://support.checkpoint.com/results/sk/sk182336(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.