CVE-2024-24919

Check Point Quantum Security Gateways Information Disclosure Vulnerability

  • Severity Score: 8.6 (CVSS v3.1)
  • Public Exploits: 51 (Multiple Sources)
  • Exploited in Wild: Yes (KEV)
  • Decision: Act (SSVC)

Descriptions

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Check Point Security Gateway suffers from an information disclosure vulnerability. Versions affected include R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Act
  • Exploitation: Active
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-01 CVE Reserved
  • 2024-05-28 CVE Published
  • 2024-05-30 Exploited in Wild
  • 2024-05-30 First Exploit
  • 2024-06-20 KEV Due Date
  • 2024-08-01 CVE Updated
  • 2024-11-08 EPSS Updated
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Checkpoint | Quantum Security Gateway Firmware | r80.40 | - | Affected |
| in Checkpoint | Quantum Security Gateway | - | - | Safe |
| Checkpoint | Quantum Security Gateway Firmware | r81.20 | - | Affected |
| in Checkpoint | Quantum Security Gateway | - | - | Safe |
| Checkpoint | Quantum Security Gateway Firmware | r81.10 | - | Affected |
| in Checkpoint | Quantum Security Gateway | - | - | Safe |
| Checkpoint | Quantum Security Gateway Firmware | r81.0 | - | Affected |
| in Checkpoint | Quantum Security Gateway | - | - | Safe |
| Checkpoint | Quantum Spark Firmware | r81.10 | - | Affected |
| in Checkpoint | Quantum Spark | - | - | Safe |
| Checkpoint | Quantum Spark Firmware | r80.20 | - | Affected |
| in Checkpoint | Quantum Spark | - | - | Safe |
| Checkpoint | Cloudguard Network Security | r80.40 | - | Affected |
| Checkpoint | Cloudguard Network Security | r81.0 | - | Affected |
| Checkpoint | Cloudguard Network Security | r81.10 | - | Affected |
| Checkpoint | Cloudguard Network Security | r81.20 | - | Affected |