CVE-2024-24915
BaseFortify
Publication date: 2025-06-29
Last updated on: 2025-09-03
Assigner: Check Point Software Technologies Ltd.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| checkpoint | smartconsole | r81.10 |
| checkpoint | smartconsole | r81.20 |
| checkpoint | smartconsole | r82 |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CWE-316 | The product stores sensitive information in cleartext in memory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because credentials are not cleared from memory after use. An administrator with appropriate permissions can execute a memory dump of the SmartConsole process and retrieve these credentials from memory, potentially exposing sensitive information. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can lead to unauthorized access to administrator credentials by users with debugging privileges, which may result in compromise of system security, unauthorized actions, and potential data breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for memory dumps of the SmartConsole process, as credentials remain in memory after use. Specifically, look for use of debugging or memory dumping tools on systems running SmartConsole by users with Administrator permissions. Commands to detect such activity are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting debugging privileges and access to memory dumping tools on systems running SmartConsole, especially for users with Administrator permissions, to prevent unauthorized memory dumps that could expose credentials. [1]