Information disclosure in Check Point VPN products (CVE-2024-24919)

CVE

This video focuses on CVE-2024-24919, a critical information disclosure vulnerability in Check Point VPN products. Discovered just this month, it is currently classified as a zero-day vulnerability. Exploitation details are not yet known, but those affected are users of Check Point Quantum Gateway, Spark Gateway, and CloudGuard Network, particularly those using the Remote Access VPN or Mobile Access Software Blades. If the vulnerability is exploited, attackers could potentially read sensitive information on the affected Check Point Security Gateways.

Watch the full video on YouTube: CVE-2024-24919

Remediation and exploitation details

This chain involves the following actors

The following systems are involved

Attack entry point

Remediation actions

Exploitation actions


CVE database technical details

CVE ID
CVE-2024-24919
Description
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Provider
checkpoint
CWE / problem types
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Affected Software Versions
checkpoint: Check Point Quantum Gateway, Spark Gateway and CloudGuard Network. Status: affected. Versions: Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20.
Date Published
2024-05-28T18:22:19.401Z
Last Updated
2024-08-01T23:36:20.565Z