CVE-2024-24919 – Check Point Security Gateway Information Disclosure

Release date
31 May 2024
Alert rating
High

Description

The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.

Audience

Small & medium businessesOrganisations & Critical InfrastructureGovernment

Current update

The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.

Background / What has happened?

  • The ASD’s ACSC is tracking a vulnerability in Check Points’ Quantum Security Gateway devices.
  • The ASD’s ACSC is aware of active exploitation of vulnerable instances.

Mitigation / How do I stay secure?

  • Australian organisations should review their networks for use of vulnerable instances of Check Points’ Quantum Security Gateway and implement the mitigation advice provided by the vendor.
  • A hotfix for CVE-2024-24919 is available. The ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

TisaAssist
bot
🤖 Hello, how can I assist you today?
I can help you with:
✅ Answer questions related to the website.
✅ Help you understand things you don't know.
❓ What's Tisalabs
💻 What's IoT
🔒 Why sensor data must be protected?