Check Point warns users of a zero-day vulnerability in its Network Security Gateway that threat actors are actively exploiting. This vulnerability exposes certain information on Internet-connected Gateways with VPN.
Check Point Confirmed Active Exploitation Of Network Security Gateway Zero-Day
According to its recent post, Check Point has warned users of its Network Security Gateway products of a serious vulnerability under attack. As explained, the vulnerability, a zero-day, impacts Network Security Gateway products, allowing an adversary to read certain information on Internet-connected Gateways.
Specifically, the vulnerability, identified as CVE-2024-24919, impacts any Security Gateway that meets either of the following two conditions.
- The product has IPSec VPN Blade enabled in Remote Access VPN Community.
- The product has Mobile Access Software Blade enabled.
Initially, Check Point’s team detected the exploitation attempts involving remote access setups and old local VPN accounts that use password-only authentication, which is not recommended. Consequently, Check Point alerted users and released an easy fix to prevent the exploits.
Further investigation then led the team to identify the root cause behind the exploits and develop an appropriate patch. According to Check Point’s support article, the firm deployed a hotfix for this vulnerability, with subsequent updates released for all eligible products (CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances). This hotfix blocks local accounts from authenticating via passwords to access Remote Access VPN, particularly those with the password-only setup.
According to the details shared via a separate FAQ page for this zero-day, Check Point’s analysis shows that the first exploitation attempts of CVE-2024-24919 date back to April 30, 2024. This vulnerability has received a high-severity rating with a CVSS score of 8.6.
Users Must Patch The Eligible Devices With The Hotfix
Users running the following Security Gateways can deploy the Hotfix to secure their systems.
- Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40
- Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP
- Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x
For users running older or end-of-life versions, Check Point recommends upgrading to a version that supports the Hotfix, or disabling the Remote Access and Mobile Access functionalities on their devices to prevent exploits.
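For teams with many gateways, the exposure conditions and hotfix list above can be turned into a quick inventory triage. The following is an added example, not Check Point's tooling: the CSV column names, host names and action labels are assumptions, and the sample inventory is constructed.

```python
import csv
from fnmatch import fnmatchcase

# Hotfix-eligible versions as listed in the article (".x" = any sub-release).
_GW = ["R81.20", "R81.10", "R81", "R80.40"]
_CHASSIS = ["R81.20", "R81.10", "R80.40", "R80.30SP", "R80.20SP"]
HOTFIX_VERSIONS = {
    "quantum security gateway": _GW,
    "cloudguard network security": _GW,
    "quantum maestro": _CHASSIS,
    "quantum scalable chassis": _CHASSIS,
    "quantum spark": ["R81.10.x", "R80.20.x", "R77.20.x"],
}

# Constructed sample inventory; the column names are assumptions of this example.
SAMPLE_INVENTORY = """\
name,product,version,ipsec_remote_access,mobile_access
gw-edge-01,Quantum Security Gateway,R81.10,yes,no
spark-br-03,Quantum Spark,R80.20.50,yes,no
maestro-dc-04,Quantum Maestro,R80.20SP,no,no
gw-old-05,Quantum Security Gateway,R77.30,yes,yes
"""

def _enabled(value):
    return value.strip().lower() in {"1", "true", "yes", "enabled"}

def hotfix_available(product, version):
    """True/False per the article's list; None if the product family is not listed."""
    patterns = HOTFIX_VERSIONS.get(product.strip().lower())
    if patterns is None:
        return None
    v = version.strip()
    return any(fnmatchcase(v, p[:-1] + "*") if p.endswith(".x") else v == p
               for p in patterns)

def triage(row):
    """Map one inventory row to the action the article describes."""
    # In scope only if IPSec VPN (Remote Access community) or Mobile Access is enabled.
    if not (_enabled(row["ipsec_remote_access"]) or _enabled(row["mobile_access"])):
        return "outside-stated-conditions"
    available = hotfix_available(row["product"], row["version"])
    if available is None:
        return "manual-review"
    return "apply-hotfix" if available else "upgrade-or-disable"

def triage_inventory(csv_text):
    return {r["name"]: triage(r) for r in csv.DictReader(csv_text.splitlines())}

if __name__ == "__main__":
    print(*(f"{n}: {a}" for n, a in triage_inventory(SAMPLE_INVENTORY).items()), sep="\n")
```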