CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

CVSS v3.0 8.6 HIGH

8.6^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.checkpoint.com/results/sk/sk182336	Mitigation Patch Vendor Advisory
https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/	Third Party Advisory
https://support.checkpoint.com/results/sk/sk182336	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.40:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:checkpoint:quantum_spark_firmware:r81:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:checkpoint:cloudguard_network_security:r81.20:::::::*
	cpe:2.3:a:checkpoint:cloudguard_network_security:r81.10:::::::*
	cpe:2.3:a:checkpoint:cloudguard_network_security:r80.40:::::::*
	cpe:2.3:a:checkpoint:cloudguard_network_security:r81:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.20:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.10:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:checkpoint:quantum_spark_firmware:r81.10:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.20:*:*:*:*:*:*:*

cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*

History

30 Jul 2025, 19:25

Type	Values Removed	Values Added
CPE	cpe:2.3:a:checkpoint:cloudguard_network_security:r81.0:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.0:::::::*	cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:::::::* cpe:2.3:o:checkpoint:quantum_spark_firmware:r81:::::::* cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.40:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r81:::::::*
References	~~() https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/ -~~	() https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/ - Third Party Advisory

30 Jul 2025, 02:17

Type	Values Removed	Values Added
References		() https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/ -

31 May 2024, 16:04

Type	Values Removed	Values Added
First Time		Checkpoint Checkpoint quantum Security Gateway Firmware Checkpoint quantum Spark Checkpoint quantum Security Gateway Checkpoint quantum Spark Firmware Checkpoint cloudguard Network Security
References	~~() https://support.checkpoint.com/results/sk/sk182336 -~~	() https://support.checkpoint.com/results/sk/sk182336 - Mitigation, Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.6
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:checkpoint:cloudguard_network_security:r81.20:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r81.10:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.20:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.0:::::::* cpe:2.3:o:checkpoint:quantum_spark_firmware:r81.10:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r80.40:::::::* cpe:2.3:o:checkpoint:quantum_spark_firmware:r80.20:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:::::::* cpe:2.3:h:checkpoint:quantum_security_gateway:-:::::::* cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81.10:::::::* cpe:2.3:a:checkpoint:cloudguard_network_security:r81.0:::::::* cpe:2.3:h:checkpoint:quantum_spark:-:::::::*

28 May 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-28 19:15

Updated : 2025-07-30 19:25

NVD link : CVE-2024-24919

Mitre link : CVE-2024-24919

JSON object : View

Products Affected

checkpoint

quantum_security_gateway_firmware
quantum_spark
cloudguard_network_security
quantum_security_gateway
quantum_spark_firmware

CWE

NVD-CWE-noinfo

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

JSON object

Attach tags to CVE-2024-24919

8.6^/10

Attach tags to `CVE-2024-24919`