CVE-2024-24919 (Exploit Available)

Check Point VPN Quantum Gateway Information Disclosure

Check Point | CWE-200 | #VPN #Information Disclosure #Credential Theft #Network

8.6 Critical (scale 0 to 10.0)

Vulnerability Description

A critical information disclosure vulnerability in Check Point Security Gateway VPN allows unauthenticated attackers to extract credentials, private keys, and sensitive configuration from the device via a crafted HTTP request.

Recommended Mitigation

Apply the Check Point hotfix immediately. Disable password-only authentication on the VPN. Rotate all credentials accessible from the VPN device.

Affected Products

Check Point CloudGuard Network
Check Point Quantum Security Gateway
Check Point Security Management

Version constraint: R80.40, R81, R81.10, R81.20 (before May 2024 hotfix)

Quick Facts

Published: 2024-05-28
Last Modified: 2024-06-01
Vendor: Check Point
CWE: CWE-200
Exploit: ⚠️ Public Exploit Exists

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N