CVE-2024-24919
HIGH CISA KEV EPSS 100.0%
Published May 28, 20242y ago · Modified Jun 17, 20261w ago
8.6 CVSS 3.1
Published May 28, 2024 2y ago
Last Modified Jun 17, 2026 1w ago
KEV Listed May 30, 2024 2y ago
KEV Due Jun 20, 2024 740d overdue
Description
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None
Threat Intelligence
CISA Known Exploited Overdue 740d
- Added
- May 30, 2024
- Due
- Jun 20, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
EPSS Exploit Probability
100.0% percentile
Exploit & Patch Status
Actively Exploited (KEV)
Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 20
| Vendor | Product | Version | Range |
|---|---|---|---|
| checkpoint | quantum_spark_firmware | r80.40 | any |
| checkpoint | quantum_spark | * | any |
| checkpoint | quantum_spark_firmware | r81 | any |
| checkpoint | quantum_spark | * | any |
| checkpoint | quantum_security_gateway_firmware | r80.40 | any |
| checkpoint | quantum_security_gateway | * | any |
| checkpoint | cloudguard_network_security | r80.40 | any |
| checkpoint | cloudguard_network_security | r81 | any |
| checkpoint | cloudguard_network_security | r81.10 | any |
| checkpoint | cloudguard_network_security | r81.20 | any |
| checkpoint | quantum_security_gateway_firmware | r81.20 | any |
| checkpoint | quantum_security_gateway | * | any |
| checkpoint | quantum_security_gateway_firmware | r81.10 | any |
| checkpoint | quantum_security_gateway | * | any |
| checkpoint | quantum_security_gateway_firmware | r81 | any |
| checkpoint | quantum_security_gateway | * | any |
| checkpoint | quantum_spark_firmware | r81.10 | any |
| checkpoint | quantum_spark | * | any |
| checkpoint | quantum_spark_firmware | r80.20 | any |
| checkpoint | quantum_spark | * | any |
References 3
- support.checkpoint.com https://support.checkpoint.com/results/sk/sk182336
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919
- mnemonic.io https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/
Remediation
- support.checkpoint.com https://support.checkpoint.com/results/sk/sk182336