GHSA-jqxh-x9f5-wcgw · 深刻度: critical — A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated...
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
総合評価: CVE-2026-50751 は在野悪用が確認された重大脅威(100/100)。CVSS 深刻度は重大。悪用される可能性が高い(EPSS 41.15%、98 パーセンタイル) 根拠: CISA KEV に登録(追加日 2026-06-08)。Check Point / Security Gateway が対象で、認証バイパス(CWE-287)の悪用が確認されています。未認証でリモート管理権限を奪取されるリスクが極めて高い。 直近 1 日で EPSS が +34.94% 上昇。悪用への関心が高まっている可能性があります。 推奨対応: CISA の対応期限を過ぎています。緊急のパッチ適用を最優先に検討してください。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
: Check Point Security Gateway Improper Authentication Vulnerability · CISA KEV の詳細
: 2026-06-08
: 2026-06-11
: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-06-17 | 6.22% | 41.15% | +34.94% |
| 2 | 2026-06-15 | 13.73% | 6.22% | -7.51% |
| 3 | 2026-06-14 | — | 13.73% | — |
EPSS の全履歴 (全 6 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 9.3 | 3.1 | CRITICAL |
|
3.9 | 4.7 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
GHSA-jqxh-x9f5-wcgw · 深刻度: critical — A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated...
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| checkpoint | gaia_os | >= r80.40, < r81.20 | cpe:2.3:o:checkpoint:gaia_os:*:*:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:-:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_10:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_101:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_103:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_105:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_111:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_113:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_115:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_118:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_119:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_120:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_122:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_126:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_127:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_14:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_141:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_24:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_26:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_38:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_41:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_43:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_45:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_53:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_54:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_65:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_70:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_76:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_79:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_8:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_84:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_89:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_90:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_92:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_96:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_98:*:*:*:*:*:* |
| checkpoint | gaia_os | r81.20 | cpe:2.3:o:checkpoint:gaia_os:r81.20:take_99:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:-:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_10:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_103:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_12:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_14:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_18:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_19:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_25:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_33:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_34:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_36:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_39:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_41:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_43:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_44:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_60:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_73:*:*:*:*:*:* |
| checkpoint | gaia_os | r82 | cpe:2.3:o:checkpoint:gaia_os:r82:take_91:*:*:*:*:*:* |
| checkpoint | gaia_os | r82.10 | cpe:2.3:o:checkpoint:gaia_os:r82.10:-:*:*:*:*:*:* |
| checkpoint | gaia_os | r82.10 | cpe:2.3:o:checkpoint:gaia_os:r82.10:take_19:*:*:*:*:*:* |
| checkpoint | gaia_os | r82.10 | cpe:2.3:o:checkpoint:gaia_os:r82.10:take_6:*:*:*:*:*:* |
| checkpoint | gaia_embedded | >= r80.20.00, < r81.10.17 | cpe:2.3:o:checkpoint:gaia_embedded:*:*:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r81.10.17 | cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:-:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r81.10.17 | cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004508:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r81.10.17 | cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004620:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r81.10.17 | cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004653:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r81.10.17 | cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004721:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r81.10.17 | cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004892:*:*:*:*:*:* |
| checkpoint | gaia_embedded | >= r80.20.00, < r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:*:*:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:-:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998001559:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998001562:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002110:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002112:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002133:*:*:*:*:*:* |
| checkpoint | gaia_embedded | r82.00.10 | cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002203:*:*:*:*:*:* |
| URL | タグ |
|---|---|
| https://support.checkpoint.com/results/sk/sk185033 | Mitigation Patch Vendor Advisory |
| https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751 | US Government Resource |