CVE-2024-24919

Summary

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Affected Software

VendorProductVersion RangeStatus
checkpointCheck Point Quantum Gateway, Spark Gateway and CloudGuard NetworkCheck Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20.affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

CVE Program Container

Additional References

References