cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-24911,https://securityvulnerability.io/vulnerability/CVE-2024-24911,Unexpected Process Exit in Check Point Security Management Server,"The cpca process on the Check Point Security Management Server or Domain Management Server may exit unexpectedly under rare circumstances, resulting in a core dump file. This unexpected termination can lead to connectivity challenges for VPN and SIC, particularly if the Certificate Revocation List (CRL) is absent from the Security Gateway's CRL cache, potentially impacting network security functionality.",Checkpoint,"Multi-domain Security Management, Quantum Security Management",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-06T13:46:11.824Z,0
CVE-2024-24914,https://securityvulnerability.io/vulnerability/CVE-2024-24914,Alert: Injection Vulnerability Affecting Gaia Users through Special HTTP Requests,"This vulnerability allows authenticated users of the Check Point Gaia software to inject malicious code or commands into the system through the manipulation of global variables via specially crafted HTTP requests. Such exploitation could lead to unauthorized actions within the application, making it critical for users to apply the available security fix to safeguard their systems. For further details on mitigations, refer to the official support documentation.",Checkpoint,"Clusterxl, Multi-domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management",8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T11:25:53.238Z,0
CVE-2024-24919,https://securityvulnerability.io/vulnerability/CVE-2024-24919,Check Point Security Gateways Vulnerability Allows Remote Access Attacks,"A vulnerability exists within Check Point Security Gateways that could allow attackers to access sensitive information once the device is connected to the internet, specifically when the remote Access VPN or Mobile Access Software Blades are enabled. This could pose significant risks to network integrity and confidentiality, particularly if exploited by malicious actors. Check Point has released a security fix to address this issue, urging users to apply the update to safeguard their systems.",Checkpoint,"Check Point Quantum Gateway, Spark Gateway And Cloudguard Network",8.6,HIGH,0.963919997215271,true,2024-05-30T00:00:00.000Z,true,true,true,2024-05-29T11:27:00.000Z,true,true,true,2024-05-30T11:52:02.666Z,2024-05-28T18:22:19.401Z,110353
CVE-2024-24912,https://securityvulnerability.io/vulnerability/CVE-2024-24912,Local Privilege Escalation Vulnerability Affects Harmony Endpoint Security Client for Windows,"A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.",Checkpoint,Harmony Endpoint Security Client For Windows,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T13:22:48.486Z,0
CVE-2023-28134,https://securityvulnerability.io/vulnerability/CVE-2023-28134,Local Privliege Escalation in Check Point Endpoint Security Remediation Service,"A local attacker can exploit this vulnerability to escalate privileges on affected installations of Check Point Harmony Endpoint and ZoneAlarm Extreme Security. The attacker must first gain the ability to execute low-privileged code on the target system, making it crucial to mitigate such weak points in system security.",Checkpoint,Harmony Endpoint.,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-11-12T23:15:00.000Z,0
CVE-2023-28130,https://securityvulnerability.io/vulnerability/CVE-2023-28130,Privilege Escalation Vulnerability in Check Point Gaia Portal,"A local user can exploit a vulnerability in the Check Point Gaia Portal's hostnames page, potentially leading to unauthorized privilege escalation. This weakness enables attackers to execute commands at elevated levels, compromising system integrity and security. Administrators are advised to review this issue promptly and apply necessary patches to mitigate risks associated with this flaw.",Checkpoint,"Quantum Appliances, Quantum Security Gateways",7.2,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-07-26T11:15:00.000Z,0
CVE-2023-28133,https://securityvulnerability.io/vulnerability/CVE-2023-28133,Local Privilege Escalation in Check Point Endpoint Security Client,"A local privilege escalation vulnerability exists in the Check Point Endpoint Security Client, specifically in version E87.30. This issue arises due to a crafted OpenSSL configuration file that can exploit the system, potentially allowing unauthorized users to gain elevated privileges. It is crucial for users of this product to review their configurations and apply necessary mitigations to safeguard their systems from potential exploitation.",Checkpoint,Harmony Endpoint.,7.8,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2023-07-23T10:15:00.000Z,0
CVE-2022-23746,https://securityvulnerability.io/vulnerability/CVE-2022-23746,Brute-Force Vulnerability in Check Point's IPsec VPN and SSL Network Extender,"The IPsec VPN blade from Check Point features a portal intended for users to download and connect through the SSL Network Extender (SNX). When the portal is set up to utilize username and password authentication, it becomes susceptible to brute-force attacks, allowing malicious actors to systematically attempt various username and password combinations to gain unauthorized access.",Checkpoint,"Gateway & Management, Ipsec Vpn Blade Snx Portal.",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2022-11-30T00:00:00.000Z,0
CVE-2022-41604,https://securityvulnerability.io/vulnerability/CVE-2022-41604,Privilege Escalation in Check Point ZoneAlarm Extreme Security,"A local privilege escalation vulnerability exists in Check Point ZoneAlarm Extreme Security prior to version 15.8.211.19229. This vulnerability stems from inadequate permissions assigned to the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory. It enables a local attacker to exploit a bypass in the self-protection driver, allowing the creation of a junction directory. Through this exploit, an attacker can move arbitrary files with the privileges of NT AUTHORITY\SYSTEM, potentially leading to unauthorized access and control over sensitive system resources.",Checkpoint,Zonealarm,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-27T02:17:14.000Z,0
CVE-2022-23745,https://securityvulnerability.io/vulnerability/CVE-2022-23745,Memory Corruption Vulnerability in Capsule Workspace Android App by GrapheneOS,"A potential memory corruption issue was identified in the Capsule Workspace Android app on GrapheneOS. This vulnerability could lead to application crashes, although it does not have the capability to expose sensitive information. Users should remain vigilant regarding app stability while using the affected version.",Checkpoint,Checkpoint Harmony Capsule Workspace,7.5,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2022-07-18T16:09:20.000Z,0
CVE-2022-23744,https://securityvulnerability.io/vulnerability/CVE-2022-23744,Endpoint Protection Flaw in Check Point Software,"Check Point Endpoint versions prior to E86.50 contain a vulnerability that allows local administrators to manipulate the system registry. This manipulation can disable critical endpoint protection features, potentially exposing the system to greater risks. Organizations using affected versions should update as soon as possible to maintain the integrity of their endpoint security.",Checkpoint,Enterprise Endpoint Security Windows Clients.,2.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-07T15:51:44.000Z,0
CVE-2022-23742,https://securityvulnerability.io/vulnerability/CVE-2022-23742,File Manipulation Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows contains a file manipulation vulnerability that impacts versions prior to E86.40. This flaw allows an attacker to manipulate forensic report files by replacing them with malicious content from directories with inadequate access restrictions. Exploiting this vulnerability could lead to further attacks on unpatched systems, particularly through established vulnerabilities like CVE-2020-0896 or by leveraging symbolic links.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-12T19:23:18.000Z,0
CVE-2021-30361,https://securityvulnerability.io/vulnerability/CVE-2021-30361,Command Injection Vulnerability in Check Point Gaia Portal Admin Interface,"Authenticated administrators with access to the GUI Clients settings in Check Point Gaia Portal are able to inject malicious commands that execute on the Gaia OS. This vulnerability can potentially compromise the system's integrity, allowing unauthorized actions on the affected platform.",Checkpoint,Check Point Gaia Portal,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-11T16:42:52.000Z,0
CVE-2022-23743,https://securityvulnerability.io/vulnerability/CVE-2022-23743,Privilege Escalation Vulnerability in Check Point ZoneAlarm,"The vulnerability in Check Point ZoneAlarm allows local actors to escalate their privileges during the software upgrade process. This flaw is exacerbated by inadequate permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory, enabling attackers to execute arbitrary file writes. Consequently, attackers can gain elevated privileges, allowing them to execute code with local system rights, which can compromise the security of the affected system.",Checkpoint,Zonealarm.,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-05-11T00:00:00.000Z,0
CVE-2021-30360,https://securityvulnerability.io/vulnerability/CVE-2021-30360,Directory Access Vulnerability in Check Point Remote Access Client,"This vulnerability enables unauthorized users to access the installation repair directory of the Check Point Remote Access Client. As the Microsoft Installer permits regular users to execute repair operations, an attacker can exploit this by initiating a repair and placing a maliciously crafted executable file in the repair directory. This executable runs with the privileges assigned to the Check Point Remote Access Client, potentially allowing the attacker to execute arbitrary code and compromise the system's security.",Checkpoint,Check Point Remote Access Client,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-01-10T14:10:00.000Z,0
CVE-2021-30359,https://securityvulnerability.io/vulnerability/CVE-2021-30359,Privilege Escalation in Check Point Harmony Browse and SandBlast Agent for Browsers Installers,"A security issue exists in Check Point's Harmony Browse and SandBlast Agent for Browsers due to improper privilege handling during the installation process. The installers require administrative privileges for certain steps, yet the Microsoft Installer allows standard users to perform repairs on installations. This misconfiguration permits an attacker to exploit the installation process by triggering a repair operation using a malicious installer version prior to 90.08.7405, enabling the insertion of a specially crafted binary into the repair folder. When executed, this binary operates with elevated admin privileges, potentially compromising system integrity and security.",Checkpoint,Check Point Harmony Browse And Sandblast Agent For Browsers,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-10-22T13:32:54.000Z,0
CVE-2021-30358,https://securityvulnerability.io/vulnerability/CVE-2021-30358,Path Manipulation Vulnerability in Check Point Mobile Access Portal,"The vulnerability allows the Mobile Access Portal Native Applications to execute applications from unauthorized locations. This occurs when the administrator defines the application's path using environment variables, potentially leading to privileged actions or unauthorized access due to improper handling of application execution paths.",Checkpoint,Check Point Mobile Access Portal Agent,7.2,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2021-10-19T13:32:46.000Z,0
CVE-2021-30357,https://securityvulnerability.io/vulnerability/CVE-2021-30357,Configuration File Disclosure in Check Point SSL Network Extender for Linux,"The SSL Network Extender Client for Linux prior to build 800008302 exposes sensitive parts of its configuration file. This vulnerability allows an unauthorized user to partially access files and information they should not have permission to view, potentially leading to the disclosure of sensitive data.",Checkpoint,Ssl Network Extender Client For Linux,5.3,MEDIUM,0.0006500000017695129,false,,false,false,true,2023-06-18T21:52:28.000Z,true,false,false,,2021-06-08T13:31:53.000Z,0
CVE-2021-30356,https://securityvulnerability.io/vulnerability/CVE-2021-30356,Denial of Service Vulnerability in Check Point Identity Agent,"A denial of service vulnerability exists in Check Point Identity Agent prior to version R81.018.0000, which may allow low privileged users to overwrite critical system files, potentially leading to service disruption or unauthorized access. It is imperative for users and IT teams to review their deployment of the affected versions and apply necessary updates to mitigate the risk associated with this vulnerability.",Checkpoint,Check Point Identity Agent,8.1,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-04-22T17:37:06.000Z,0
CVE-2020-6024,https://securityvulnerability.io/vulnerability/CVE-2020-6024,Local Privilege Escalation Vulnerability in Check Point SmartConsole,"A vulnerability exists in Check Point SmartConsole that allows for local privilege escalation. This issue arises when executables are run from a directory that provides write access to all authenticated users. If exploited, this vulnerability could allow low-privileged users to execute arbitrary code with elevated privileges, thereby compromising system integrity and security.",Checkpoint,Check Point Smartconsole,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-01-20T18:17:53.000Z,0
CVE-2020-6021,https://securityvulnerability.io/vulnerability/CVE-2020-6021,Directory Write Access Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows prior to version E84.20 contains a vulnerability that permits unauthorized write access to the directory used for installation repairs. This flaw leverages the Microsoft Installer's permissions, allowing any regular user the capability to initiate a repair process. An attacker may exploit this by placing a maliciously crafted DLL in the repair directory, which subsequently runs with escalated privileges of the Endpoint Client. This could lead to unauthorized actions being performed on the system, potentially compromising sensitive information and overall system integrity.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-03T13:31:22.000Z,0
CVE-2020-6015,https://securityvulnerability.io/vulnerability/CVE-2020-6015,Denial of Service vulnerability in Check Point Endpoint Security for Windows,"A vulnerability exists in Check Point Endpoint Security for Windows prior to version E84.10 that may allow an attacker to initiate a denial of service condition. This can occur during a clean installation of the client, leading to the failure of service log files to be stored in their expected locations. Users of affected products should ensure they upgrade to the latest version to mitigate potential security risks.",Checkpoint,Check Point Endpoint Security For Windows,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-11-05T19:37:06.000Z,0
CVE-2020-6014,https://securityvulnerability.io/vulnerability/CVE-2020-6014,Code Execution Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows, specifically versions prior to E83.20, contains a vulnerability where the system attempts to load a non-existent DLL during a Domain Name query. An attacker with administrator permissions can exploit this flaw to execute arbitrary code within a legitimate Check Point signed binary. This may potentially lead to client termination under specific circumstances, posing a serious risk to system integrity and security.",Checkpoint,Check Point Endpoint Security Client For Windows,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-30T14:22:05.000Z,0
CVE-2020-6023,https://securityvulnerability.io/vulnerability/CVE-2020-6023,Privilege Escalation Vulnerability in Check Point ZoneAlarm,"A vulnerability in Check Point's ZoneAlarm software allows a local actor to escalate privileges when restoring files protected by the Anti-Ransomware feature. This issue affects all versions prior to 15.8.139.18543, potentially enabling unauthorized access to system resources and sensitive data. Users are encouraged to upgrade to the latest version to mitigate this risk.",Checkpoint,Check Point Zonealarm,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-27T13:52:57.000Z,0
CVE-2020-6022,https://securityvulnerability.io/vulnerability/CVE-2020-6022,File Deletion Vulnerability in Check Point ZoneAlarm Security Software,A vulnerability in Check Point's ZoneAlarm security software allows a local user to delete arbitrary files during the restoration process in the Anti-Ransomware feature. This flaw poses a significant risk to data integrity and confidentiality as it can be exploited to disrupt normal operations and compromise sensitive information.,Checkpoint,Check Point Zonealarm,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-27T13:50:50.000Z,0