Active Exploitation of High-Severity Vulnerability in Check Point Virtual Private Network (VPN) Products

Published on 31 May 2024

Check Point has released updates addressing a high severity vulnerability (CVE-2024-24919) affecting their VPN products. The vulnerability is reportedly being actively exploited.

Successful exploitation of the vulnerability could allow an attacker to read potentially sensitive information on Internet-exposed Check Point Security Gateways with Remote Access VPN or Mobile Access Software Blades enabled.

The vulnerability affects CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark products in the following versions:

  • R80.20.x
  • R80.20SP (EOL)
  • R80.40 (EOL)
  • R81
  • R81.10
  • R81.10.x
  • R81.20.

Users and administrators of affected products are advised to update to the latest version immediately.

More information is available here: