5 advisories tracked · Check Point (cve@checkpoint.com CNA) via NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in Check Point's recent advisories.
Check Point (cve@checkpoint.com CNA) via NVD
Check Point is its own CVE Numbering Authority. VulniPulse ingests Check Point's CVEs from the NVD CNA feed (cve@checkpoint.com), each linking to its support.checkpoint.com advisory. Covers Quantum Security Gateway / Spark, the Gaia OS, Quantum Maestro, Harmony Endpoint / Mobile, CloudGuard and the Security Management server — its Quantum VPN/gateways were mass-exploited (CVE-2024-24919), a top network-security target.
Visit Check Point security advisoriesWhen the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Local user may lead to privilege escalation using Gaia Portal hostnames page.