CVE-2024-24919

Description

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

References

https://www.rapid7.com/blog/post/2024/06/21/metasploit-weekly-wrap-up-06-21-2024/

https://sumedh00.medium.com/i-reported-zero-day-cve-2024-24919-and-got-informative-25409fac9765?source=rss------hacking-5

https://sumedh00.medium.com/i-reported-zero-day-cve-2024-24919-and-got-informative-25409fac9765?source=rss------bug_bounty-5

https://blog.qualys.com/vulnerabilities-threat-research/2024/06/07/check-point-security-gateway-information-disclosure-vulnerability-cve-2024-24919

https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919

https://www.theregister.com/2024/06/03/infosec_in_brief/

https://medium.com/@verylazytech/cve-2024-24919-poc-bfd6508829bc?source=rss------hacking-5

https://medium.com/@verylazytech/cve-2024-24919-poc-bfd6508829bc?source=rss------exploit-5

https://medium.com/@verylazytech/cve-2024-24919-poc-bfd6508829bc?source=rss------cybersecurity-5

https://securityaffairs.com/164015/breaking-news/security-affairs-newsletter-round-474-by-pierluigi-paganini-international-edition.html

https://medium.com/@harboot/the-growing-threat-of-cyber-crime-exploiting-system-vulnerabilities-dfaa9babbc03?source=rss------vulnerability-5

https://medium.com/@harboot/the-growing-threat-of-cyber-crime-exploiting-system-vulnerabilities-dfaa9babbc03?source=rss------cybersecurity-5

https://medium.com/@jr.mayank1999/exploit-poc-of-cve-2024-24919-0077396a90bd?source=rss------exploit-5

https://medium.com/@jr.mayank1999/exploit-poc-of-cve-2024-24919-0077396a90bd?source=rss------cve-5

https://nahid0x1.medium.com/exploiting-cve-2024-24919-information-disclosure-in-check-point-quantum-gateway-6a5f8979e479?source=rss------vulnerability-5

https://nahid0x1.medium.com/exploiting-cve-2024-24919-information-disclosure-in-check-point-quantum-gateway-6a5f8979e479?source=rss------security-5

https://nahid0x1.medium.com/exploiting-cve-2024-24919-information-disclosure-in-check-point-quantum-gateway-6a5f8979e479?source=rss------cve-5

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/

https://www.hivepro.com/threat-advisory/check-point-fixes-zero-day-cve-2024-24919-exploited-in-the-wild/

https://thecyberthrone.in/2024/05/31/cisa-kev-catalog-update-may-2024-part-iv/

https://securityaffairs.com/163896/security/cisa-check-point-quantum-security-gateways-linux-kernel-flaws-known-exploited-vulnerabilities-catalog.html

https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/

https://thecyberthrone.in/2024/05/30/checkpoint-fixed-zeroday-flaw-cve-2024-24919/

https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-patch.html

https://securityaffairs.com/163850/digital-id/check-point-vpn-zero-day-hotfix.html

https://www.tenable.com/blog/cve-2024-24919-check-point-security-gateway-information-disclosure-zero-day-exploited-in-the

https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/

https://www.bleepingcomputer.com/news/security/check-point-vpn-zero-day-exploited-in-attacks-since-april-30/

https://blog.checkpoint.com/security/enhance-your-vpn-security-posture

https://support.checkpoint.com/results/sk/sk182336

https://support.checkpoint.com/results/sk/sk182336

https://blog.checkpoint.com/security/enhance-your-vpn-security-posture

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3