CVE-2024-24919:
Information disclosure vulnerability (CVE-2024-24919) in Check Point Quantum Gateway, Spark Gateway, and CloudGuard Network software that could allow an attacker to read certain information over the internet when remote Access VPN or Mobile Access Software Blades are enabled. A security fix is available. Affects specific versions including Quantum/CloudGuard Network R81.20, R81.10, R81, R80.40 and Spark R81.10, R80.20; CVSS v3.1 base score 8.6 (HIGH).
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.6High- Published Date:May 28, 2024
- CISA KEV Date:May 30, 2024
- Industries Affected:20
2 DaysThreat Predictions
- EPSS Score:94.3
- EPSS Percentile:100%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:CHANGED
Impact
- Score:4.0
- Confidentiality Impact:HIGH
- Integrity Impact:NONE
- Availability Impact:NONE
Description Preview
Information disclosure vulnerability (CVE-2024-24919) in Check Point Quantum Gateway, Spark Gateway, and CloudGuard Network software that could allow an attacker to read certain information over the internet when remote Access VPN or Mobile Access Software Blades are enabled. A security fix is available. Affects specific versions including Quantum/CloudGuard Network R81.20, R81.10, R81, R80.40 and Spark R81.10, R80.20; CVSS v3.1 base score 8.6 (HIGH).
Overview
This vulnerability affects Check Point Quantum Gateway, Spark Gateway, and CloudGuard Network devices that are exposed to the internet with Remote Access VPN or Mobile Access Software Blades enabled, potentially allowing an attacker to read sensitive information from the gateway. Exploitation requires network access but no authentication or user interaction, and the issue has a high impact on confidentiality with a changed scope. A security fix has been released by Check Point to mitigate the vulnerability, and affected users are advised to apply the patch promptly.
Remediation
- Apply the Check Point security fix / patched version from the vendor as specified in their advisory (refer to SK182336).
- If immediate patching is not possible, temporarily disable or remove Remote Access VPN and Mobile Access Software Blades, or restrict internet exposure to affected gateways until a patch can be applied.
- Verify that devices are updated to the patched version via the management interface and confirm the vulnerability is mitigated.
- After patching, run a verification check or vulnerability scan to ensure no information exposure remains and monitor for related advisories.
References
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.Click here to learn more.
- Armis Alert Date:May 29, 2024
- CISA KEV Date:May 30, 2024
- Days Early:2 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
