CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.checkpoint.com/results/sk/sk182336	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:checkpoint:cloudguard_network_security:r80.40:::::::*
	cpe:2.3:a:checkpoint:cloudguard_network_security:r81.0:::::::*
	cpe:2.3:a:checkpoint:cloudguard_network_security:r81.10:::::::*
	cpe:2.3:a:checkpoint:cloudguard_network_security:r81.20:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.20:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.10:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.0:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:checkpoint:quantum_spark_firmware:r81.10:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.20:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*

History

31 May 2024, 16:04

Type	Values Removed	Values Added
First Time		Checkpoint quantum Security Gateway Firmware Checkpoint quantum Spark Firmware Checkpoint quantum Security Gateway Checkpoint cloudguard Network Security Checkpoint quantum Spark Checkpoint
CWE		NVD-CWE-noinfo
References	~~() https://support.checkpoint.com/results/sk/sk182336 -~~	() https://support.checkpoint.com/results/sk/sk182336 - Mitigation, Patch, Vendor Advisory
CPE		cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.20:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.10:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.20:::::::* cpe:2.3:h:checkpoint:quantum_security_gateway:-:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.0:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r81.0:::::::* cpe:2.3:o:checkpoint:quantum_spark_firmware:r81.10:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r81.10:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:::::::* cpe:2.3:h:checkpoint:quantum_spark:-:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r81.20:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r80.40:::::::*

30 May 2024, 13:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.6

29 May 2024, 13:02

Type	Values Removed	Values Added
Summary		(es) Potencialmente, permitir que un atacante lea cierta información en Check Point Security Gateways una vez conectado a Internet y habilitado con VPN de acceso remoto o software Blades de acceso móvil. Hay disponible una solución de seguridad que mitiga esta vulnerabilidad.

28 May 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-28 19:15

Updated : 2024-05-31 16:04

NVD link : CVE-2024-24919

Mitre link : CVE-2024-24919

CVE.ORG link : CVE-2024-24919

JSON object : View

Products Affected

checkpoint

cloudguard_network_security
quantum_spark_firmware
quantum_spark
quantum_security_gateway_firmware
quantum_security_gateway

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

JSON object

Attach tags to CVE-2024-24919

8.6^/10

Attach tags to `CVE-2024-24919`