Check Point warns users of a zero-day vulnerability in its network security gateways that threat actors are actively exploiting. The vulnerability exposes certain information on Internet-connected gateways with VPN enabled.

Check Point confirmed an active Network Security Gateway zero-day exploit.

According to its recent post, Check Point has warned users of its network security gateway products about a serious vulnerability under attack. As explained, the vulnerability, a zero-day, affects network security gateway products and allows an adversary to read certain information on Internet-connected gateways.

Specifically, the vulnerability, identified as CVE-2024-24919, affects security gateways in either of the following two conditions:

  1. The product has the IPSec VPN blade enabled in the remote access VPN community.
  2. The product has the Mobile Access Software Blade enabled.

Initially, the Check Point team detected exploit attempts through remote access setups and old VPN local accounts that did not have password authentication. As a result, Check Point warned users and issued a simple fix to prevent the exploit.

However, further investigation led the team to identify the root cause behind the exploits and develop a suitable patch. According to the Check Point support article, the firm deployed a hotfix for the vulnerability and subsequently released updates for all eligible products (CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances). This hotfix prevents local accounts from being authenticated with passwords to access Remote Access VPNs, especially those that have a password-only setup.

According to details shared on a separate frequently asked questions page for this zero-day, Check Point's analysis shows that the first exploit attempts for CVE-2024-24919 date back to April 30, 2024. The threat received a high severity rating with a CVSS score of 8.6.

Customers must patch eligible devices with the hotfix.

Users running the following security gateways can deploy hotfixes to secure their systems.

  • Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40
  • Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP
  • Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x

For users running older or end-of-life versions, Check Point recommends upgrading to a version that supports the hotfix, or disabling the remote access and mobile access features on their devices to prevent exploitation.
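The two exposure conditions and the version list above can be turned into a quick inventory triage. The following is an added example, not code from Check Point or the original article; the record schema, family keys, action labels and sample inventory are constructed assumptions, and the `.x` entries are assumed to be wildcards for any sub-version.

```python
# Hotfix-eligible versions, copied from the article's list.
# The family keys are hypothetical labels chosen for this example.
HOTFIX_VERSIONS = {
    "security_gateway": ["R81.20", "R81.10", "R81", "R80.40"],  # Quantum Security Gateway / CloudGuard Network Security
    "maestro_chassis": ["R81.20", "R81.10", "R80.40", "R80.30SP", "R80.20SP"],
    "spark": ["R81.10.x", "R80.20.x", "R77.20.x"],
}

def version_matches(version, pattern):
    """Exact match, or prefix match for '.x' entries (assumed wildcard)."""
    if pattern.endswith(".x"):
        return version.startswith(pattern[:-1])  # "R81.10.x" -> prefix "R81.10."
    return version == pattern  # exact, so "R81" does not match "R81.10"

def triage(gw):
    """Return the recommended action for one gateway record (hypothetical schema)."""
    if gw["family"] not in HOTFIX_VERSIONS:
        return "manual-review"
    # The CVE applies only if at least one of the two listed conditions holds.
    if not (gw["ipsec_vpn_remote_access"] or gw["mobile_access"]):
        return "conditions-not-met"
    if any(version_matches(gw["version"], p) for p in HOTFIX_VERSIONS[gw["family"]]):
        return "apply-hotfix"
    # Older or end-of-life release: upgrade, or disable the two features.
    return "upgrade-or-disable-features"

def triage_inventory(inventory):
    return {gw["name"]: triage(gw) for gw in inventory}

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"name": "gw-edge-01", "family": "security_gateway", "version": "R81.20",
     "ipsec_vpn_remote_access": True, "mobile_access": False},
    {"name": "gw-lab-02", "family": "security_gateway", "version": "R81.10",
     "ipsec_vpn_remote_access": False, "mobile_access": False},
    {"name": "gw-old-03", "family": "security_gateway", "version": "R77.30",
     "ipsec_vpn_remote_access": False, "mobile_access": True},
    {"name": "spark-br-04", "family": "spark", "version": "R81.10.08",
     "ipsec_vpn_remote_access": True, "mobile_access": False},
    {"name": "mho-05", "family": "maestro_chassis", "version": "R80.30SP",
     "ipsec_vpn_remote_access": True, "mobile_access": False},
]

if __name__ == "__main__":
    for name, action in triage_inventory(INVENTORY).items():
        print(f"{name:12} {action}")
```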
