Alert: Injection Vulnerability Affecting Gaia Users through Special HTTP Requests
CVE-2024-24914

8HIGH

Key Information:

Vendor: Checkpoint
Status: Clusterxl, Multi-domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management
Vendor: CVE Published:; 7 November 2024

What is CVE-2024-24914?

This vulnerability allows authenticated users of the Check Point Gaia software to inject malicious code or commands into the system through the manipulation of global variables via specially crafted HTTP requests. Such exploitation could lead to unauthorized actions within the application, making it critical for users to apply the available security fix to safeguard their systems. For further details on mitigations, refer to the official support documentation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management Check Point Quantum Gateways versions R81, R81.10, R81.20

References

https://support.checkpoint.com/results/sk/sk182743

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2024
Vulnerability Reserved
Feb 1, 2024

JSON

Checkpoint

What is CVE-2024-24914?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.