Check Point Security Update – 29 May 2024

Check Point has released security updates to fix a zero-day vulnerability across multiple Check Point products.

The addressed vulnerability could allow a remote attacker to gain unauthorized access to sensitive information on affected systems that are connected to the internet and have the Remote Access VPN or Mobile Access Software Blades enabled.

Check Point Security Gateways with Remote Access VPN information disclosure vulnerability (CVE-2024-24919):

  • CVSS: 7.5
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Obtain Information

Affected products:

  • Check Point Quantum Gateway.
  • Check Point CloudGuard Network versions R81.20, R81.10, R81, R80.40.
  • Check Point Spark versions R81.10, R80.20.

Check Point is aware that the zero-day vulnerability CVE-2024-24919 is being exploited in the wild.

Vulnerabilities

CVE-2024-24919

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Check Point Security Update

References