CVE-2024-24919
Vulnerability from cvelistv5
Published
2024-05-28 18:22
Modified
2024-08-01 23:36
Summary
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Impacted products
Vendor Product Version
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2024-05-30

Due date: 2024-06-20

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://support.checkpoint.com/results/sk/sk182336; https://nvd.nist.gov/vuln/detail/CVE-2024-24919

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "quantum_security_gateway_firmware",
            "vendor": "checkpoint",
            "versions": [
              {
                "status": "affected",
                "version": "r80.40"
              },
              {
                "status": "affected",
                "version": "r81"
              },
              {
                "status": "affected",
                "version": "r81.10"
              },
              {
                "status": "affected",
                "version": "r81.20"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cloudguard_network",
            "vendor": "checkpoint",
            "versions": [
              {
                "status": "affected",
                "version": "r80.40"
              },
              {
                "status": "affected",
                "version": "r81"
              },
              {
                "status": "affected",
                "version": "r81.10"
              },
              {
                "status": "affected",
                "version": "r81.20"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "quantum_spark_appliances",
            "vendor": "checkpoint",
            "versions": [
              {
                "status": "affected",
                "version": "r80.40"
              },
              {
                "status": "affected",
                "version": "r81"
              },
              {
                "status": "affected",
                "version": "r81.10"
              },
              {
                "status": "affected",
                "version": "r81.20"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24919",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T04:00:11.841700Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-05-30",
                "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:43:22.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-05-30T00:00:00+00:00",
            "value": "CVE-2024-24919 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:36:20.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.checkpoint.com/results/sk/sk182336"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Check Point Quantum Gateway, Spark Gateway and CloudGuard Network",
          "vendor": "checkpoint",
          "versions": [
            {
              "status": "affected",
              "version": "Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-30T12:40:21.757Z",
        "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "shortName": "checkpoint"
      },
      "references": [
        {
          "url": "https://support.checkpoint.com/results/sk/sk182336"
        }
      ],
      "title": "Information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
    "assignerShortName": "checkpoint",
    "cveId": "CVE-2024-24919",
    "datePublished": "2024-05-28T18:22:19.401Z",
    "dateReserved": "2024-02-01T15:19:26.279Z",
    "dateUpdated": "2024-08-01T23:36:20.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-24919",
      "cwes": "[\"CWE-200\"]",
      "dateAdded": "2024-05-30",
      "dueDate": "2024-06-20",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.checkpoint.com/results/sk/sk182336;   https://nvd.nist.gov/vuln/detail/CVE-2024-24919",
      "product": "Quantum Security Gateways",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.",
      "vendorProject": "Check Point",
      "vulnerabilityName": "Check Point Quantum Security Gateways Information Disclosure Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-24919\",\"sourceIdentifier\":\"cve@checkpoint.com\",\"published\":\"2024-05-28T19:15:10.060\",\"lastModified\":\"2024-11-21T08:59:58.267\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.\"},{\"lang\":\"es\",\"value\":\"Potencialmente, permitir que un atacante lea cierta informaci\u00f3n en Check Point Security Gateways una vez conectado a Internet y habilitado con VPN de acceso remoto o software Blades de acceso m\u00f3vil. Hay disponible una soluci\u00f3n de seguridad que mitiga esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@checkpoint.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}]},\"cisaExploitAdd\":\"2024-05-30\",\"cisaActionDue\":\"2024-06-20\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Check Point Quantum Security Gateways Information Disclosure Vulnerability\",\"weaknesses\":[{\"source\":\"cve@checkpoint.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0002A29-8B42-445D-9EC4-58BC93194241\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9016DDF6-285C-4E64-88D0-29ECCEF048F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:cloudguard_network_security:r80.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A382E0DC-2BBA-4EC9-A695-8062C3DC405D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:cloudguard_network_security:r81.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B134BAA-A9A2-4060-9CDE-3AB9770F07FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:cloudguard_network_security:r81.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FCE5DC3-745A-4FC4-A2EF-AC4931E2A630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:cloudguard_network_security:r81.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"121E2863-57A8-41F1-B7E0-B41600959A5E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26705EAD-B1B6-40DB-8C10-1070E92E86F3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9016DDF6-285C-4E64-88D0-29ECCEF048F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD9F864E-435C-4753-9831-EDBE4ABD7B31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9016DDF6-285C-4E64-88D0-29ECCEF048F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8E08B0C-4876-40A9-A422-3D327501F531\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9016DDF6-285C-4E64-88D0-29ECCEF048F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:quantum_spark_firmware:r81.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD5A3388-8310-4FA4-AD07-771F2E983674\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC94897D-88D2-4F56-BEBC-04899FE17197\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F325578-5CB0-486A-BD44-18E4BFB52441\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC94897D-88D2-4F56-BEBC-04899FE17197\"}]}]}],\"references\":[{\"url\":\"https://support.checkpoint.com/results/sk/sk182336\",\"source\":\"cve@checkpoint.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.checkpoint.com/results/sk/sk182336\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.