119 results (0.015 seconds)

CVSS: 8.6EPSS: 93%CPEs: 16EXPL: 51

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Potencialmente, permitir que un atacante lea cierta información en Check Point Security Gateways una vez conectado a Internet y habilitado con VPN de acceso remoto o software Blades de acceso móvil. Hay disponible una solución de seguridad que mitiga esta vulnerabilidad. Check Point Security Gateway suffers from an information disclosure vulnerability. • https://github.com/verylazytech/CVE-2024-24919 https://github.com/RevoltSecurities/CVE-2024-24919 https://github.com/seed1337/CVE-2024-24919-POC https://github.com/GoatSecurity/CVE-2024-24919 https://github.com/LucasKatashi/CVE-2024-24919 https://github.com/emanueldosreis/CVE-2024-24919 https://github.com/Rug4lo/CVE-2024-24919-Exploit https://github.com/zam89/CVE-2024-24919 https://github.com/GlobalsecureAcademy/CVE-2024-24919 https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un atacante local puede aumentar los privilegios en las instalaciones afectadas de Check Point Harmony Endpoint/ZoneAlarm Extreme Security. Un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. • https://support.checkpoint.com/results/sk/sk181597 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1

Local user may lead to privilege escalation using Gaia Portal hostnames page. Checkpoint Gaia Portal version R81.10 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html http://seclists.org/fulldisclosure/2023/Aug/4 http://seclists.org/fulldisclosure/2023/Jul/43 https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal https://support.checkpoint.com/results/sk/sk181311 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file • https://support.checkpoint.com/results/sk/sk181276 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 190EXPL: 0

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords. La IPsec VPN blade tiene un portal dedicado para descargar y conectarse a través de SSL Network Extender (SNX). Si el portal está configurado para autenticación de nombre de usuario/contraseña, es vulnerable a un ataque de fuerza bruta a nombres de usuario y contraseñas. • https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180271 • CWE-307: Improper Restriction of Excessive Authentication Attempts •