JVNDB-2024-004623

[Japanese]
JVNDB-2024-004623
Multiple products from Check Point Software Technologies vulnerable to information disclosure
Overview
Multiple products from Check Point Software Technologies contain an information disclosure vulnerability (CWE-200,CVE-2024-24919). JPCERT/CC coordinated with Check Point Software Technologies to publish this advisory in order to notify users of this vulnerability.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 8.6 (High) [Other] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality Impact: High Integrity Impact: None Availability Impact: None
Affected Products

Check Point Software Technologies CloudGuard Network Quantum Scalable Chassis Quantum Security Gateways Quantum Maestro Quantum Spark Appliances
Note that, those products are affected only when configured as the following. CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliance * IPSec VPN Software Blade is enabled, and the Security Gateway is added to a Remote Access VPN community or * Mobile Access Software Blade is enabled When using Quantum Spark Appliance with local management * Remote Access feature is enabled For more details, refer to the information provided by the developer
Impact
A remote attacker may obtain sensitive information stored in the product without authentication.
Solution
[Apply the Hotfix] Apply the appropriate hotfix according to the information provided by the developer. [Apply the workarounds] The developer recommends applying workarounds in addition to applying the hotfix. For more details, refer to the information provided by the developer.
Vendor Information
Check Point Software Technologies Check Point Advisories : CPAI-2024-0353 \| Check Point VPN Information Disclosure (CVE-2024-24919) Check Point Support Center : sk182336 \| Preventative Hotfix for CVE-2024-24919 - Quantum Gateway Information Disclosure Check Point Support Center : sk182357 \| Preventative Hotfix for CVE-2024-24919 - Quantum Spark Gateways Yamaha Corporation FAQ for YAMAHA RT Series / Security : Yamaha Corporation website (in Japanese)
CWE (What is CWE?)
Information Exposure(CWE-200) [Other]
CVE (What is CVE?)
CVE-2024-24919
References
JVN : JVNVU#98330908 National Vulnerability Database (NVD) : CVE-2024-24919 JPCERT : Regarding Check Point Software Technologies VPN Information Disclosure vulnerability (CVE-2024-24919) in Japanese
Revision History
[2024/07/25] Web page was published [2024/10/24] Vendor Information : Content was added


Date Public	2024/07/25
Date First Published	2024/07/29
Date Last Updated	2024/10/24

Multiple products from Check Point Software Technologies vulnerable to information disclosure