Vulnerabilities (CVE)

Filtered by vendor Checkpoint Subscribe
Filtered by product Quantum Security Gateway
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-24919 1 Checkpoint 5 Cloudguard Network Security, Quantum Security Gateway, Quantum Security Gateway Firmware and 2 more 2024-11-21 N/A 8.6 HIGH
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
CVE-2021-3449 12 Checkpoint, Debian, Fedoraproject and 9 more 167 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 164 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2021-30361 1 Checkpoint 4 Gaia Os, Gaia Portal, Quantum Security Gateway and 1 more 2024-11-21 6.9 MEDIUM 6.7 MEDIUM
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.