Quantum Security Gateway
Monthly
Heap-based buffer overflow in Check Point Quantum Security Gateway's HTTP-based service allows unauthenticated remote attackers to cause availability disruption by sending crafted malformed HTTP requests requiring no authentication or user interaction. Affected deployments span all R81.10 releases and below, R81.20 through Jumbo Hotfix Take 127, R82 through Jumbo Hotfix Take 91, and R82.10 through Jumbo Hotfix Take 19. No public exploit identified at time of analysis, though SSVC classifies the attack as automatable with total technical impact - a meaningful tension with the CVSS A:L rating that security teams should scrutinize before deprioritizing.
SQL injection in Check Point Quantum Security Gateway's UserCheck Web Portal allows a remote unauthenticated attacker who can reach the UserCheck Ask page to manipulate the Security Gateway's stored DLP incident database when the DLP blade is active. Successful exploitation can cause loss of stored incident entries, disruption of pending approval workflows, or resource exhaustion through repeated abuse - all of which could undermine the integrity of an organization's data loss prevention audit trail. No public exploit code has been identified and EPSS is very low at 0.06% (18th percentile), with no CISA KEV listing at time of analysis.
Unauthenticated information disclosure in Check Point Quantum Security Gateway allows remote attackers to read internal files on the appliance when the Identity Awareness blade is configured with Browser-Based Authentication. The flaw maps to CWE-98 (PHP file inclusion) and carries a CVSS 7.5 with confidentiality-only impact; EPSS is low (0.10%) and there is no public exploit identified at time of analysis, but the unauthenticated network reach against a perimeter gateway makes triage urgent for affected deployments.
Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to crash the VPN processing service by sending specially crafted IKE packets over NAT-T (UDP/4500). Multiple supported releases (R81.10 and below, R81.20, R82, R82.10) are affected up to specific Jumbo Hotfix takes. No public exploit identified at time of analysis, and EPSS is low at 0.06% (17th percentile), suggesting limited near-term exploitation likelihood despite the 8.1 CVSS score.
Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to terminate the VPN service by sending a malformed IKE fragment to UDP port 500 during the early phase of a connection attempt. The flaw affects multiple R81.x, R82, and R82.10 release trains running below specific Jumbo Hotfix Takes; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).
Heap-based buffer overflow in Check Point Quantum Security Gateway's HTTP-based service allows unauthenticated remote attackers to cause availability disruption by sending crafted malformed HTTP requests requiring no authentication or user interaction. Affected deployments span all R81.10 releases and below, R81.20 through Jumbo Hotfix Take 127, R82 through Jumbo Hotfix Take 91, and R82.10 through Jumbo Hotfix Take 19. No public exploit identified at time of analysis, though SSVC classifies the attack as automatable with total technical impact - a meaningful tension with the CVSS A:L rating that security teams should scrutinize before deprioritizing.
SQL injection in Check Point Quantum Security Gateway's UserCheck Web Portal allows a remote unauthenticated attacker who can reach the UserCheck Ask page to manipulate the Security Gateway's stored DLP incident database when the DLP blade is active. Successful exploitation can cause loss of stored incident entries, disruption of pending approval workflows, or resource exhaustion through repeated abuse - all of which could undermine the integrity of an organization's data loss prevention audit trail. No public exploit code has been identified and EPSS is very low at 0.06% (18th percentile), with no CISA KEV listing at time of analysis.
Unauthenticated information disclosure in Check Point Quantum Security Gateway allows remote attackers to read internal files on the appliance when the Identity Awareness blade is configured with Browser-Based Authentication. The flaw maps to CWE-98 (PHP file inclusion) and carries a CVSS 7.5 with confidentiality-only impact; EPSS is low (0.10%) and there is no public exploit identified at time of analysis, but the unauthenticated network reach against a perimeter gateway makes triage urgent for affected deployments.
Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to crash the VPN processing service by sending specially crafted IKE packets over NAT-T (UDP/4500). Multiple supported releases (R81.10 and below, R81.20, R82, R82.10) are affected up to specific Jumbo Hotfix takes. No public exploit identified at time of analysis, and EPSS is low at 0.06% (17th percentile), suggesting limited near-term exploitation likelihood despite the 8.1 CVSS score.
Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to terminate the VPN service by sending a malformed IKE fragment to UDP port 500 during the early phase of a connection attempt. The flaw affects multiple R81.x, R82, and R82.10 release trains running below specific Jumbo Hotfix Takes; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).