CVE-2024-24914

Published: Nov 7, 2024

Modified: Nov 7, 2024

PUBLISHED

CVSS v3.1

8.0

HIGH

Description

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.

Vendor	Product	Versions
checkpoint	ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management	affected `Check Point Quantum Gateways versions R81, R81.10, R81.20`

Weaknesses (CWE)

CWE-914

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://support.checkpoint.com/results/sk/sk182743

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-24914

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References