Cyber Resilience

CVE-2024-24919

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 28 May 2024
Modified: 24 October 2025
KEV Added: 30 May 2024
Patch
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.9434 (100.0th percentile)
Risk Priority: 94 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-24919 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Check Point Quantum Spark firmware. Its CVSS base score is 8.6 (High).

Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2024-24919 is an information disclosure vulnerability affecting Check Point Security Gateways that are connected to the internet and have the Remote Access VPN or Mobile Access Software Blades enabled. It carries a CVSS 3.1 score of 8.6 and is associated with CWE-200, allowing unauthorized exposure of certain internal information without requiring authentication.

An unauthenticated attacker with network access can exploit the flaw remotely to read sensitive data from the gateway. The attack requires no user interaction and produces a high confidentiality impact while leaving integrity and availability unaffected.

Check Point has published a security fix in sk182336 that mitigates the issue. The vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog. Its EPSS score peaked at 0.9582 and currently stands at 0.9434, indicating sustained exploitation interest following disclosure.

Vulnerability details

This vulnerability potentially allows an attacker to read certain information on Check Point Security Gateways that are connected to the internet and have the Remote Access VPN or Mobile Access Software Blades enabled. A security fix that mitigates this vulnerability is available.

CWE(s): CWE-200
KEV Date Added: 30 May 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

checkpoint quantum spark firmware: r80.20, r80.40, r81, r81.10
checkpoint quantum security gateway firmware: r80.40, r81, r81.10, r81.20
checkpoint cloudguard network security: r80.40, r81, r81.10, r81.20

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Restricts network exposure of internet-facing Security Gateways, directly blocking unauthenticated remote access to the vulnerable Remote Access VPN/Mobile Access interfaces.

prevent

Enforces authorization, encryption, and monitoring requirements for all remote access connections, preventing the unauthenticated information disclosure path described in the CVE.

prevent

Requires prompt application of the vendor security fix (sk182336) that eliminates the information disclosure flaw before exploitation can occur.
