3 advisories tracked · Check Point (cve@checkpoint.com CNA) via NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in Check Point's recent advisories.
Check Point (cve@checkpoint.com CNA) via NVD
Check Point is its own CVE Numbering Authority. VulniPulse ingests Check Point's CVEs from the NVD CNA feed (cve@checkpoint.com), each linking to its support.checkpoint.com advisory. Covers Quantum Security Gateway / Spark, the Gaia OS, Quantum Maestro, Harmony Endpoint / Mobile, CloudGuard and the Security Management server — its Quantum VPN/gateways were mass-exploited (CVE-2024-24919), a top network-security target.
Visit Check Point security advisoriesCredentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.