CVE-2024-24919 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Check Point Quantum Security Gateways Information Disclosure Vulnerability

Exploit added

May 30, 2024

Action due

June 20, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

References

https://support.checkpoint.com/results/sk/sk182336

Weakness Enumeration

CWE-ID	CWE Name
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

Known Affected Software Configurations

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:::::::*

Details

Source:
NVD

Published:
May 28, 2024

Updated:
May 31, 2024

Risk information

CVSS v3

Base score:
8.6

Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS v2

Not defined