vulnerability

Check Point: Quantum Gateway Information Disclosure: CVE-2024-24919

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

May 28, 2024

Added

May 29, 2024

Modified

Jun 3, 2024

Description

A vulnerability in Check Point Security Gateways with IPSec VPN, Remote Access VPN and the Mobile Access software blade allows disclosure of information. The vendor advisory does not specify what information may be disclosed, but does recommend rotating passwords and certificates stored on the device. Check Point discovered this vulnerability while investigating attempts to gain unauthorized access to VPN products used by their customers.

Solution

checkpoint-cve-2024-24919

References

CVE-2024-24919
https://attackerkb.com/topics/CVE-2024-24919
https://support.checkpoint.com/results/sk/sk182336
https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report