CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:checkpoint:gaia_os:r81:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.10:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:*:*:*:*:*:*:*
OR cpe:2.3:h:checkpoint:clusterxl:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_maestro:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_scalable_chassis:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*

History

26 Aug 2025, 16:40

Type Values Removed Values Added
First Time Checkpoint quantum Security Gateway
Checkpoint quantum Security Management
Checkpoint quantum Scalable Chassis
Checkpoint gaia Os
Checkpoint clusterxl
Checkpoint quantum Spark
Checkpoint quantum Maestro
Checkpoint multi-domain Management
Checkpoint
Checkpoint quantum 6700
References () https://support.checkpoint.com/results/sk/sk182743 - () https://support.checkpoint.com/results/sk/sk182743 - Vendor Advisory
CPE cpe:2.3:h:checkpoint:quantum_scalable_chassis:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:clusterxl:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_6700:-:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.10:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_maestro:-:*:*:*:*:*:*:*

08 Nov 2024, 19:01

Type Values Removed Values Added
Summary
  • (es) Los usuarios autenticados de Gaia pueden inyectar código o comandos mediante variables globales a través de solicitudes HTTP especiales. Hay disponible una solución de seguridad que mitiga esta vulnerabilidad.

07 Nov 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-07 12:15

Updated : 2025-08-26 16:40


NVD link : CVE-2024-24914

Mitre link : CVE-2024-24914

CVE.ORG link : CVE-2024-24914


JSON object : View

Products Affected

checkpoint

  • quantum_scalable_chassis
  • quantum_spark
  • quantum_security_management
  • quantum_security_gateway
  • quantum_maestro
  • quantum_6700
  • gaia_os
  • clusterxl
  • multi-domain_management
CWE
CWE-914

Improper Control of Dynamically-Identified Variables