CVE-2024-24919
Published: 28 May 2024
Summary
CVE-2024-24919 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Check Point Quantum Spark Firmware. Its CVSS base score is 8.6 (High).
Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2024-24919 is an information disclosure vulnerability affecting Check Point Security Gateways that are connected to the internet and have the Remote Access VPN or Mobile Access Software Blades enabled. It carries a CVSS 3.1 score of 8.6 and is associated with CWE-200, allowing unauthorized exposure of certain internal information without requiring authentication.
An unauthenticated attacker with network access can exploit the flaw remotely to read sensitive data from the gateway. The attack requires no user interaction and produces a high confidentiality impact while leaving integrity and availability unaffected.
Check Point has published a security fix in SK182336 that mitigates the issue. The vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, and its EPSS score has reached a peak of 0.9582 with a current value of 0.9434, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-22282
Vulnerability details
This vulnerability potentially allows an attacker to read certain information on Check Point Security Gateways that are connected to the internet and have the Remote Access VPN or Mobile Access Software Blades enabled. A security fix that mitigates this vulnerability is available.
- CWE(s): CWE-200
- KEV Date Added: 30 May 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Restricts network exposure of internet-facing Security Gateways, directly blocking unauthenticated remote access to the vulnerable Remote Access VPN/Mobile Access interfaces.
Enforces authorization, encryption, and monitoring requirements for all remote access connections, preventing the unauthenticated information disclosure path described in the CVE.
Requires prompt application of the vendor security fix (sk182336) that eliminates the information disclosure flaw before exploitation can occur.