⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-06-20.

CVE-2024-24919 — Check Point VPN: Sensitive Information Exposure in Checkpoint Cloudguard Network Security

CWE-200 — Sensitive Information Exposure14 documents12 sources

Severity

8.6HIGHNVD

EPSS

94.3%

top 0.04%

CISA KEV

KEVRansomware

Added 2024-05-30

Due 2024-06-20

Exploit

Exploited in wild

Active exploitation observed

Affected products

Checkpoint Cloudguard Network Security Checkpoint Quantum Security Gateway Firmware Checkpoint Quantum Spark Firmware

Timeline

PublishedMay 28

KEV addedMay 30

KEV dueJun 20

Latest updateFeb 20

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

▶NVDcheckpoint/cloudguard_network_security4 versions+3

▶NVDcheckpoint/quantum_security_gateway_firmware4 versions+3

▶NVDcheckpoint/quantum_spark_firmware4 versions+3

Patches

Patch: support.checkpoint.com ↗Patch: support.checkpoint.com ↗

🔴Vulnerability Details

CVEList

Information disclosure↗2024-05-28

▶

VulnCheck

Check Point Quantum Security Gateways Information Disclosure Vulnerability↗2024

▶

💥Exploits & PoCs

Exploit-DB

Check Point Security Gateway - Information Disclosure (Unauthenticated)↗2024-05-31

▶

Nuclei

Check Point Quantum Gateway - Information Disclosure

▶

Metasploit

Check Point Security Gateway Arbitrary File Read↗

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919)↗2024-05-30

▶

📋Vendor Advisories

CISA

Check Point Quantum Security Gateways Information Disclosure Vulnerability↗2024-05-30

▶

🕵️Threat Intelligence

Bleepingcomputer

New NailaoLocker ransomware used against EU healthcare orgs↗2025-02-20

▶

Qualys

Check Point Gateway Info Leak: CVE-2024-24919 Alert | Qualys↗2024-06-07

▶

Qualys

Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)↗2024-06-07

▶

Greynoiseio

What’s Going on With Check Point (CVE-2024-24919)?↗2024-06-04

▶

Bleepingcomputer

Check Point releases emergency fix for VPN zero-day exploited in attacks↗2024-05-29

▶