CVE-2024-24919 HIGH

CVE-2024-24919: Information disclosure

Vendor Checkpoint

Product Check Point Quantum Gateway, Spark Gateway and CloudGuard Network

Weakness CWE-200 · Info exposure

KEV Status Known Exploited

Ransomware Used in campaigns

Published May 28, 2024

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

May 28, 2024 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-24919 CISA KEV Reference https://support.checkpoint.com/results/sk/sk182336 CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2024-24919

Related vulnerabilities

Identifiers

CVE CVE-2024-24919

CWE CWE-200

CVSS 8.6 / HIGH

Affected versions