CVE-2024-24919

high

Description

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

References

https://www.rapid7.com/blog/post/2024/06/21/metasploit-weekly-wrap-up-06-21-2024/

https://sumedh00.medium.com/i-reported-zero-day-cve-2024-24919-and-got-informative-25409fac9765?source=rss------hacking-5

https://sumedh00.medium.com/i-reported-zero-day-cve-2024-24919-and-got-informative-25409fac9765?source=rss------bug_bounty-5

https://blog.qualys.com/vulnerabilities-threat-research/2024/06/07/check-point-security-gateway-information-disclosure-vulnerability-cve-2024-24919

https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919

https://www.theregister.com/2024/06/03/infosec_in_brief/

https://medium.com/@verylazytech/cve-2024-24919-poc-bfd6508829bc?source=rss------hacking-5

https://medium.com/@verylazytech/cve-2024-24919-poc-bfd6508829bc?source=rss------exploit-5

https://medium.com/@verylazytech/cve-2024-24919-poc-bfd6508829bc?source=rss------cybersecurity-5

https://securityaffairs.com/164015/breaking-news/security-affairs-newsletter-round-474-by-pierluigi-paganini-international-edition.html

https://medium.com/@harboot/the-growing-threat-of-cyber-crime-exploiting-system-vulnerabilities-dfaa9babbc03?source=rss------vulnerability-5

https://medium.com/@harboot/the-growing-threat-of-cyber-crime-exploiting-system-vulnerabilities-dfaa9babbc03?source=rss------cybersecurity-5

https://medium.com/@jr.mayank1999/exploit-poc-of-cve-2024-24919-0077396a90bd?source=rss------exploit-5

https://medium.com/@jr.mayank1999/exploit-poc-of-cve-2024-24919-0077396a90bd?source=rss------cve-5

https://nahid0x1.medium.com/exploiting-cve-2024-24919-information-disclosure-in-check-point-quantum-gateway-6a5f8979e479?source=rss------vulnerability-5

https://nahid0x1.medium.com/exploiting-cve-2024-24919-information-disclosure-in-check-point-quantum-gateway-6a5f8979e479?source=rss------security-5

https://nahid0x1.medium.com/exploiting-cve-2024-24919-information-disclosure-in-check-point-quantum-gateway-6a5f8979e479?source=rss------cve-5

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/

https://www.hivepro.com/threat-advisory/check-point-fixes-zero-day-cve-2024-24919-exploited-in-the-wild/

https://thecyberthrone.in/2024/05/31/cisa-kev-catalog-update-may-2024-part-iv/

https://securityaffairs.com/163896/security/cisa-check-point-quantum-security-gateways-linux-kernel-flaws-known-exploited-vulnerabilities-catalog.html

https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/

https://thecyberthrone.in/2024/05/30/checkpoint-fixed-zeroday-flaw-cve-2024-24919/

https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-patch.html

https://securityaffairs.com/163850/digital-id/check-point-vpn-zero-day-hotfix.html

https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/

https://www.bleepingcomputer.com/news/security/check-point-vpn-zero-day-exploited-in-attacks-since-april-30/

https://blog.checkpoint.com/security/enhance-your-vpn-security-posture

https://support.checkpoint.com/results/sk/sk182336

https://support.checkpoint.com/results/sk/sk182336

https://blog.checkpoint.com/security/enhance-your-vpn-security-posture

Details

Source: Mitre, NVD

Published: 2024-05-28

Updated: 2024-05-31

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Severity: High