CVE-2024-24919: Check Point Quantum Security Gateways Information Disclosure Vulnerability
First published: Tue May 28 2024(Updated: )
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
Credit: cve@checkpoint.com cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Checkpoint Quantum Security Gateway Firmware | =r80.40 | |
| Checkpoint Quantum Security Gateway | ||
| Checkpoint Cloudguard Network Security | =r80.40 | |
| Checkpoint Cloudguard Network Security | =r81.0 | |
| Checkpoint Cloudguard Network Security | =r81.10 | |
| Checkpoint Cloudguard Network Security | =r81.20 | |
| All of | ||
| Checkpoint Quantum Security Gateway Firmware | =r81.20 | |
| Checkpoint Quantum Security Gateway | ||
| All of | ||
| Checkpoint Quantum Security Gateway Firmware | =r81.10 | |
| Checkpoint Quantum Security Gateway | ||
| All of | ||
| Checkpoint Quantum Security Gateway Firmware | =r81.0 | |
| Checkpoint Quantum Security Gateway | ||
| All of | ||
| Checkpoint Quantum Spark Firmware | =r81.10 | |
| Checkpoint Quantum Spark | ||
| All of | ||
| Checkpoint Quantum Spark Firmware | =r80.20 | |
| Checkpoint Quantum Spark | ||
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/
- https://www.bleepingcomputer.com/news/security/check-point-vpn-zero-day-exploited-in-attacks-since-april-30/
- https://support.checkpoint.com/results/sk/sk182336
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/
- https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware-gangs-to-extort-breached-orgs/
- https://www.theregister.com/2024/08/28/iran_pioneer_kitten/
- https://support.checkpoint.com/results/sk/sk182336;
- https://nvd.nist.gov/vuln/detail/CVE-2024-24919
- https://www.theregister.com/2024/11/11/infosec_in_brief/
- agent/weakness
- agent/first-publish-date
- agent/type
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-24919
- alias/CVE-2024-24929
- agent/description
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2024-1086
- agent/title
- agent/severity
- collector/mitre-cve
- source/MITRE
- alias/CVE-2024-3400
- alias/CVE-2019-19781
- alias/CVE-2023-3519
- alias/CVE-2022-1388
- collector/the-register
- source/The Register
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/softwarecombine
- agent/author
- alias/CVE-2024-8956
- alias/CVE-2024-8957
- agent/references
- agent/tags
- agent/event
- collector/nvd-cve
- agent/last-modified-date
- agent/trending
- vendor/checkpoint
- canonical/checkpoint quantum security gateway firmware
- version/checkpoint quantum security gateway firmware/r80.40
- canonical/checkpoint quantum security gateway
- canonical/checkpoint cloudguard network security
- version/checkpoint cloudguard network security/r80.40
- version/checkpoint cloudguard network security/r81.0
- version/checkpoint cloudguard network security/r81.10
- version/checkpoint cloudguard network security/r81.20
- version/checkpoint quantum security gateway firmware/r81.20
- version/checkpoint quantum security gateway firmware/r81.10
- version/checkpoint quantum security gateway firmware/r81.0
- canonical/checkpoint quantum spark firmware
- version/checkpoint quantum spark firmware/r81.10
- canonical/checkpoint quantum spark
- version/checkpoint quantum spark firmware/r80.20
- vendor/check point
- canonical/check point quantum security gateways