Impact
A logic flow weakness in the certificate validation path for the deprecated IKEv1 key exchange allows an unauthenticated attacker to bypass user authentication on a remote VPN connection. The flaw enables the attacker to establish a link to the gateway without possessing a valid user password, thereby granting unauthorized access to the protected network and all resources behind the gateway. This vulnerability falls under CWE-287 (Authentication Bypass by Missing or Incorrect Authentication).
Affected Systems
The flaw affects Check Point’s Quantum Security Gateway and Spark Firewalls. No specific product versions are listed in the advisory, so any deployment of these gateways that uses the affected IKEv1 logic is potentially vulnerable.
Risk and Exploitability
No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. No CVSS score is given either, but the nature of the flaw, an unauthenticated remote bypass, indicates high severity. Because the attack requires only network connectivity to the VPN service and the construction of a certificate that triggers the logic flaw, exploitability is likely high if the gateway is exposed to untrusted traffic. An attacker needs only network access that reaches the VPN interface; no special system or user privileges are required. No exploit has been publicly disclosed, so the current risk stems mainly from the theoretical possibility of exploitation, but the potential for widespread credentialless access makes it urgent for administrators to verify their mitigation posture.
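As part of verifying exposure, it helps to know which peers still negotiate IKEv1 with the gateway. The following is an added example, not taken from the advisory or from Check Point: it reads the fixed 28-byte IKE header from UDP payloads and counts IKEv1 messages per source. The tuple input format, helper names and sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# Fixed ISAKMP/IKE header (RFC 2408, RFC 7296), 28 bytes: initiator SPI, responder SPI,
# next payload, version (major in high nibble), exchange type, flags, message ID, length.
HDR = struct.Struct("!8s8sBBBBII")
V1_EXCHANGES = {2: "main-mode", 4: "aggressive-mode", 5: "informational", 32: "quick-mode"}

def parse_ike(udp_payload, dst_port=500):
    """Return (major_version, exchange_label), or None if this is not an IKE message."""
    if dst_port == 4500:                      # NAT-T: IKE carries a 4-byte zero marker
        if udp_payload[:4] != b"\x00" * 4:
            return None                       # ESP-in-UDP or keepalive, not IKE
        udp_payload = udp_payload[4:]
    if len(udp_payload) < HDR.size:
        return None
    _, _, _, version, exchange, _, _, length = HDR.unpack_from(udp_payload)
    major = version >> 4
    if major not in (1, 2) or length < HDR.size:
        return None
    if major == 1:
        return 1, V1_EXCHANGES.get(exchange, f"type-{exchange}")
    return major, f"ikev2-type-{exchange}"

def ikev1_peers(packets):
    """Count IKEv1 messages per (source, exchange) from (src, dst_port, payload) tuples."""
    hits = Counter()
    for src, port, payload in packets:
        parsed = parse_ike(payload, port)
        if parsed and parsed[0] == 1:
            hits[(src, parsed[1])] += 1
    return hits

def _hdr(version, exchange, length=28):
    """Build a bare header for the constructed samples below."""
    return HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, version, exchange, 0, 0, length)

# Constructed sample traffic (documentation addresses), not captured from a real gateway.
SAMPLE = [
    ("198.51.100.7", 500, _hdr(0x10, 2)),
    ("198.51.100.7", 500, _hdr(0x10, 2)),
    ("203.0.113.9", 4500, b"\x00" * 4 + _hdr(0x10, 4)),
    ("192.0.2.44", 500, _hdr(0x20, 34)),                      # IKEv2, ignored
    ("192.0.2.50", 4500, b"\xde\xad\xbe\xef" + b"\x00" * 40),  # ESP-in-UDP, ignored
]

if __name__ == "__main__":
    for (src, exchange), n in sorted(ikev1_peers(SAMPLE).items()):
        print(f"{src} still uses IKEv1 ({exchange}): {n} message(s)")
```

Sources that appear in the output are the peers to migrate or to investigate if IKEv1 is not expected on the gateway.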