CVE-2024-24919

Check Point Quantum Security Gateways Information Disclosure Vulnerability

Severity Score

8.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Potencialmente, permitir que un atacante lea cierta información en Check Point Security Gateways una vez conectado a Internet y habilitado con VPN de acceso remoto o software Blades de acceso móvil. Hay disponible una solución de seguridad que mitiga esta vulnerabilidad.

Check Point Security Gateway suffers from an information disclosure vulnerability. Versions affected include R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

*Credits: N/A

CVSS Scores

NISTv3.1 8.6

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-01 CVE Reserved
2024-05-28 CVE Published
2024-05-30 Exploited in Wild
2024-05-30 First Exploit
2024-06-20 KEV Due Date
2024-08-01 CVE Updated
2024-11-08 EPSS Updated

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (53)

URL	Tag	Source
-

URL	Date	SRC
https://github.com/verylazytech/CVE-2024-24919	2024-09-19
https://github.com/RevoltSecurities/CVE-2024-24919	2024-06-05
https://github.com/seed1337/CVE-2024-24919-POC	2024-06-03
https://github.com/GoatSecurity/CVE-2024-24919	2024-05-31
https://github.com/LucasKatashi/CVE-2024-24919	2024-05-30
https://github.com/emanueldosreis/CVE-2024-24919	2024-05-30
https://github.com/Rug4lo/CVE-2024-24919-Exploit	2024-06-03
https://github.com/zam89/CVE-2024-24919	2024-05-31
https://github.com/GlobalsecureAcademy/CVE-2024-24919	2024-05-31
https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN	2024-06-01
https://github.com/r4p3c4/CVE-2024-24919-Checkpoint-Firewall-VPN-Check	2024-06-01
https://github.com/nullcult/CVE-2024-24919-Exploit	2024-06-07
https://github.com/un9nplayer/CVE-2024-24919	2024-06-05
https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit	2024-06-02
https://github.com/starlox0/CVE-2024-24919-POC	2024-06-06
https://github.com/c3rrberu5/CVE-2024-24919	2024-05-30
https://github.com/GuayoyoCyber/CVE-2024-24919	2024-06-04
https://github.com/0nin0hanz0/CVE-2024-24919-PoC	2024-07-27
https://github.com/smackerdodi/CVE-2024-24919-nuclei-templater	2024-05-31
https://github.com/Bytenull00/CVE-2024-24919	2024-05-30
https://github.com/bigb0x/CVE-2024-24919-Sniper	2024-06-02
https://github.com/am-eid/CVE-2024-24919	2024-05-31
https://github.com/fernandobortotti/CVE-2024-24919	2024-06-01
https://github.com/satriarizka/CVE-2024-24919	2024-05-31
https://github.com/ShadowByte1/CVE-2024-24919	2024-07-14
https://github.com/smkxt1/CVE-2024-24919	2024-07-31
https://github.com/yagyuufellinluvv/CVE-2024-24919	2024-06-01
https://github.com/Vulnpire/CVE-2024-24919	2024-05-31
https://github.com/SalehLardhi/CVE-2024-24919	2024-06-11
https://github.com/YN1337/CVE-2024-24919	2024-06-01
https://github.com/Cappricio-Securities/CVE-2024-24919	2024-06-21
https://github.com/0xans/CVE-2024-24919	2024-06-19
https://github.com/nexblade12/CVE-2024-24919	2024-05-31
https://github.com/P3wc0/CVE-2024-24919	2024-05-31
https://github.com/0x3f3c/CVE-2024-24919	2024-06-01
https://github.com/gurudattch/CVE-2024-24919	2024-06-01
https://github.com/MohamedWagdy7/CVE-2024-24919	2024-05-31
https://github.com/Tim-Hoekstra/CVE-2024-24919	2024-06-04
https://github.com/H3KEY/CVE-2024-24919	2024-07-22
https://github.com/hendprw/CVE-2024-24919	2024-05-30
https://github.com/protonnegativo/CVE-2024-24919	2024-06-10
https://github.com/J4F9S5D2Q7/CVE-2024-24919-CHECKPOINT	2024-06-02
https://github.com/B1naryo/CVE-2024-24919-POC	2024-06-02
https://github.com/Expl0itD0g/CVE-2024-24919---Poc	2024-06-02
https://github.com/Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN	2024-06-02
https://github.com/0xYumeko/CVE-2024-24919	2024-06-01
https://github.com/LuisMateo1/Arbitrary-File-Read-CVE-2024-24919	2024-08-29
https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner	2024-06-02
https://github.com/geniuszlyy/CVE-2024-24919	2024-09-29
https://github.com/skyrowalker/CVE-2024-24919	2024-10-10
https://github.com/0xkalawy/CVE-2024-24919	2024-05-31

URL	Date	SRC
https://support.checkpoint.com/results/sk/sk182336	2024-05-31

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Firmware Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware"	r80.40 Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware" and version "r80.40"	-	Affected	in	Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Search vendor "Checkpoint" for product "Quantum Security Gateway"	-	-	Safe
Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Firmware Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware"	r81.20 Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware" and version "r81.20"	-	Affected	in	Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Search vendor "Checkpoint" for product "Quantum Security Gateway"	-	-	Safe
Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Firmware Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware"	r81.10 Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware" and version "r81.10"	-	Affected	in	Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Search vendor "Checkpoint" for product "Quantum Security Gateway"	-	-	Safe
Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Firmware Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware"	r81.0 Search vendor "Checkpoint" for product "Quantum Security Gateway Firmware" and version "r81.0"	-	Affected	in	Checkpoint Search vendor "Checkpoint"	Quantum Security Gateway Search vendor "Checkpoint" for product "Quantum Security Gateway"	-	-	Safe
Checkpoint Search vendor "Checkpoint"	Quantum Spark Firmware Search vendor "Checkpoint" for product "Quantum Spark Firmware"	r81.10 Search vendor "Checkpoint" for product "Quantum Spark Firmware" and version "r81.10"	-	Affected	in	Checkpoint Search vendor "Checkpoint"	Quantum Spark Search vendor "Checkpoint" for product "Quantum Spark"	-	-	Safe
Checkpoint Search vendor "Checkpoint"	Quantum Spark Firmware Search vendor "Checkpoint" for product "Quantum Spark Firmware"	r80.20 Search vendor "Checkpoint" for product "Quantum Spark Firmware" and version "r80.20"	-	Affected	in	Checkpoint Search vendor "Checkpoint"	Quantum Spark Search vendor "Checkpoint" for product "Quantum Spark"	-	-	Safe
Checkpoint Search vendor "Checkpoint"		Cloudguard Network Security Search vendor "Checkpoint" for product "Cloudguard Network Security"				r80.40 Search vendor "Checkpoint" for product "Cloudguard Network Security" and version "r80.40"		-		Affected
Checkpoint Search vendor "Checkpoint"		Cloudguard Network Security Search vendor "Checkpoint" for product "Cloudguard Network Security"				r81.0 Search vendor "Checkpoint" for product "Cloudguard Network Security" and version "r81.0"		-		Affected
Checkpoint Search vendor "Checkpoint"		Cloudguard Network Security Search vendor "Checkpoint" for product "Cloudguard Network Security"				r81.10 Search vendor "Checkpoint" for product "Cloudguard Network Security" and version "r81.10"		-		Affected
Checkpoint Search vendor "Checkpoint"		Cloudguard Network Security Search vendor "Checkpoint" for product "Cloudguard Network Security"				r81.20 Search vendor "Checkpoint" for product "Cloudguard Network Security" and version "r81.20"		-		Affected