1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Check Point Quantum Security Gateways Information Disclosure Vulnerability

Known Exploited Vulnerabilities CVE-2024-24919 Mappings

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability secondary_impact T1003.003 NTDS
Comments
CVE-2024-24919 is an information disclosure/arbitrary file read vulnerability within Check Point's Quantum Security Gateway products. It's been reported that attacker are leveraging this vulnerability to retrieve, all files on the local file system, read sensitive data and extract credentials for all local accounts, including Active Directory, SSH keys, and certificates.
References
  1. https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
  2. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
  3. https://censys.com/cve-2024-24919/
  4. https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/
CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability secondary_impact T1003.008 /etc/passwd and /etc/shadow
Comments
CVE-2024-24919 is an information disclosure/arbitrary file read vulnerability within Check Point's Quantum Security Gateway products. It's been reported that attacker are leveraging this vulnerability to retrieve, all files on the local file system, read sensitive data and extract credentials for all local accounts, including Active Directory, SSH keys, and certificates.
References
  1. https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
  2. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
  3. https://censys.com/cve-2024-24919/
  4. https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/
CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability secondary_impact T1059.004 Unix Shell
Comments
CVE-2024-24919 is an information disclosure/arbitrary file read vulnerability within Check Point's Quantum Security Gateway products. It's been reported that attacker are leveraging this vulnerability to retrieve, all files on the local file system, read sensitive data and extract credentials for all local accounts, including Active Directory, SSH keys, and certificates.
References
  1. https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
  2. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
  3. https://censys.com/cve-2024-24919/
  4. https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/
CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability primary_impact T1005 Data from Local System
Comments
CVE-2024-24919 is an information disclosure/arbitrary file read vulnerability within Check Point's Quantum Security Gateway products. It's been reported that attacker are leveraging this vulnerability to retrieve, all files on the local file system, read sensitive data and extract credentials for all local accounts, including Active Directory, SSH keys, and certificates.
References
  1. https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
  2. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
  3. https://censys.com/cve-2024-24919/
  4. https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/
CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability exploitation_technique T1202 Indirect Command Execution
Comments
CVE-2024-24919 is an information disclosure/arbitrary file read vulnerability within Check Point's Quantum Security Gateway products. It's been reported that attacker are leveraging this vulnerability to retrieve, all files on the local file system, read sensitive data and extract credentials for all local accounts, including Active Directory, SSH keys, and certificates.
References
  1. https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919
  2. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
  3. https://censys.com/cve-2024-24919/
  4. https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure/