Alert: Injection Vulnerability Affecting Gaia Users through Special HTTP Requests
CVE-2024-24914

8 HIGH

Summary

This vulnerability allows authenticated users of the Check Point Gaia software to inject malicious code or commands into the system through the manipulation of global variables via specially crafted HTTP requests. Such exploitation could lead to unauthorized actions within the application, making it critical for users to apply the available security fix to safeguard their systems. For further details on mitigations, refer to the official support documentation.

Affected Version(s)

ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management
Check Point Quantum Gateways versions R81, R81.10, R81.20

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
