CVE-2024-24919

Name: CVE-2024-24919
Creator: NVD / NIST
Published: 2024-05-28T19:15:10.06+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10Actively ExploitedEPSS 99.98%

Last modified Jun 17, 2026

CVE-2024-24919 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.. CISA has confirmed active exploitation in the wild. EPSS estimates a 99.98% chance of exploitation in the next 30 days.

Description

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

99.98%

100.0th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 20, 2024.

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Checkpoint	Quantum Spark Firmware	r80.40
Checkpoint	Quantum Spark Firmware	r81
Checkpoint	Quantum Security Gateway Firmware	r80.40
Checkpoint	Cloudguard Network Security	r80.40
Checkpoint	Cloudguard Network Security	r81
Checkpoint	Cloudguard Network Security	r81.10
Checkpoint	Cloudguard Network Security	r81.20
Checkpoint	Quantum Security Gateway Firmware	r81.20
Checkpoint	Quantum Security Gateway Firmware	r81.10
Checkpoint	Quantum Security Gateway Firmware	r81
Checkpoint	Quantum Spark Firmware	r81.10
Checkpoint	Quantum Spark Firmware	r80.20

References

https://support.checkpoint.com/results/sk/sk182336Mitigation, Patch, Vendor Advisory
https://support.checkpoint.com/results/sk/sk182336Mitigation, Patch, Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919US Government Resource
https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/Third Party Advisory

Timeline

Published: May 28, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-24919?

How severe is CVE-2024-24919?

CVE-2024-24919 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 99.98% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2024-24919?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-24919?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST