TR-86 - Check Point VPN Information Disclosure (CVE-2024-24919) - Actively Exploited

A critical information disclosure vulnerability (CVE-2024-24919) exists in Check Point VPN. Successful exploitation of this vulnerability allows a remote attacker to obtain sensitive information, including key materials, user credentials, and configuration files from the operating system.

Vulnerable Version And Products

  • Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40.
  • Check Point Spark versions R81.10, R80.20.
  • CloudGuard Network
  • Quantum Maestro
  • Quantum Scalable Chassis
  • Quantum Security Gateways
  • Quantum Spark Appliances


Check point published Preventative Hotfix for CVE-2024-24919 - Quantum Gateway Information Disclosure which includes the details about the hotfix to prevent the exploitation of the vulnerability.

The document also includes important extra measures to reset the sensitive information from an exposed device. We strongly recommend to apply those extra measures especially for publicly exposed VPN services.

Check Point mentions a script to check for local users with password-only authentication, but the vulnerability can affect much more than just the credentials. Therefore, we strongly recommend not only relying on information from the vendors but also from organizations evaluating the vulnerability.

Detection and investigative assessment

  • Review any suspicious access and audit log.

Known affected software in Luxembourg

A significant number of vulnerable devices were discovered in Luxembourg, and notifications have been sent to the ISPs and available contact points.

Due to the simplicity of exploitation, threat actors may have already collected various credentials and could conduct additional actions in the coming weeks.


Classification of this document

TLP:CLEAR information may be distributed without restriction, subject to copyright controls.


  • Version 1.0 - TLP:CLEAR - First version - 31st May 2024