Main Vulnerability Database SB2024052951

SB2024052951 - Information disclosure in Check Point Quantum Gateway

Published: May 29, 2024 Updated: February 25, 2025

Security Bulletin ID SB2024052951

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2024-24919)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a insufficient validation of file path in Security Gateways with IPSec VPN, Remote Access VPN and the Mobile Access software blade. A remote non-authenticated attacker can send a specially crafted HTTP request and view arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

https://support.checkpoint.com/results/sk/sk182336
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture