Edit Content
Report Incident
English
Sinhala
Tamil

ADVISORY!

TLP : CLEAR

Date : 30/05/2024

REF NO : CERT / 2024/05/51

Check Point Products Information Disclosure Vulnerability

Severity Level: Medium

Components Affected

  • CloudGuard Network

  • Quantum Maestro

  • Quantum Scalable Chassis

  • Quantum Security Gateways

  • Quantum Spark Appliances

Overview

A vulnerability was identified in Check Point Products. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

Note:

The vulnerability CVE-2024-24919 is being used in scattered exploit. The vulnerability potentially allows an attacker to access information on Gateways connected to the Internet, with IPsec VPN, Remote Access VPN or Mobile Access enabled. The risk level is rated to Medium Risk.

Description

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Impact

  • Information Disclosure

Solution/ Workarounds

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Reference

  1. https://support.checkpoint.com/results/sk/sk182336
  2. https://support.checkpoint.com/results/sk/sk182337

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Linkedin-in Facebook-f Twitter Youtube

Quick Links

Useful Links

Contact

  • Hotline : 101
  • +94 11 269 1692
  • Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
  • General inquiry: cert@cert.gov.lk
  • Security incidents: incidents@cert.gov.lk
  • Social media incidents: report@cert.gov.lk

Copyright © 2023 SRI LANKA CERT | CC