This page lists publicly disclosed CVE vulnerabilities affecting checkpoint gaia_os (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-50751 (KEV) | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. | [email protected] | 9.3 | 71.05% | 2026-06-08 | 2026-06-17 |
| CVE-2024-24911 | In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache. | [email protected] | 5.3 | 0.37% | 2025-02-06 | 2026-06-17 |
| CVE-2024-24914 | Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available. | [email protected] | 8.0 | 0.40% | 2024-11-07 | 2026-06-17 |
| CVE-2021-30361 | The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | [email protected] | 6.7 | 4.11% | 2022-05-11 | 2026-06-16 |
| CVE-2013-7311 | The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | [email protected] | 5.4 | 0.61% | 2014-01-23 | 2026-06-16 |