CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jun 20, 2024

CVE-2024-24919

High

EPSS 94.3%CISA KEVRansomware

Check Point/Quantum Security Gateways

Description

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

EPSS — Exploit Probability

94.3%

Higher than 100.0% of all CVEs

Required Action

https://support.checkpoint.com/results/sk/sk182336 ; https://nvd.nist.gov/vuln/detail/CVE-2024-24919

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 94.3%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

May 30, 2024

Added to KEV

May 30, 2024

Remediation Due

Jun 20, 2024

Affected Product

Check Point

Quantum Security Gateways

View all Check Point CVEs

External Links

NVD (NIST)CVE Details MITRE CVE