Check Point warns of Zero-Day in Network Security Gateway


Check Point is alerting users to a zero-day vulnerability in its Network Security Gateway that threat actors are actively exploiting. This vulnerability exposes certain information about VPN-enabled Internet-connected gateways.

Check Point confirms active exploitation of Network Security Gateway zero-day

According to its recent post, Check Point has alerted users of Network Security Gateway products to a serious vulnerability under attack. As explained, the vulnerability, a zero-day, affects Network Security Gateway products and allows an adversary to read certain information on Internet-connected gateways.

Specifically, the vulnerability, identified as CVE-2024-24919, affects any Security Gateway under one of two conditions.

  1. The product has IPSec VPN Blade enabled in the Remote Access VPN Community.
  2. The product has Mobile Access Software Blade enabled.

Initially, Check Point's team detected exploit attempts that used remote access settings and old local VPN accounts with password-only authentication, which is not recommended. Check Point therefore alerted users and released a simple fix to prevent the exploits.

However, by investigating the matter further, the company was able to identify the root cause behind the exploits and develop an appropriate patch. According to Check Point's support article, the company deployed a hotfix for this vulnerability and released updates for all eligible products (CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances). This hotfix prevents local accounts from authenticating via passwords to access Remote Access VPN, especially if they are set up with a password only.

According to the details shared via a separate Frequently Asked Questions page for this zero-day, Check Point's analysis shows that the first exploit attempts of CVE-2024-24919 date back to April 30, 2024. This vulnerability has been given a high severity rating with a CVSS score of 8.6.


Users must patch eligible devices with the hotfix

Users with the following security gateways can deploy the Hotfix to secure their systems.

  • Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40
  • Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP
  • Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x

For users on older or end-of-life versions, Check Point recommends upgrading to a version that supports the Hotfix or disabling remote and mobile access features on their devices to avoid exploits.
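As an added example (not Check Point's tooling and not part of the original article), the following sketch triages a gateway inventory against the two exposure conditions and the hotfix version list given above. The inventory format, field names, family keys, hostnames and status labels are all assumptions made for this illustration.

```python
import re

# Hotfix-eligible versions per product family, copied from the list in the article.
# The family keys are labels made up for this example.
_GW = ["R81.20", "R81.10", "R81", "R80.40"]
_SP = ["R81.20", "R81.10", "R80.40", "R80.30SP", "R80.20SP"]
HOTFIX_VERSIONS = {
    "quantum-security-gateway": _GW,
    "cloudguard-network": _GW,
    "quantum-maestro": _SP,
    "quantum-scalable-chassis": _SP,
    "quantum-spark": ["R81.10.x", "R80.20.x", "R77.20.x"],
}

def version_listed(family, version):
    """True if version matches a listed entry; a trailing '.x' accepts any numeric build."""
    version = version.strip().upper()
    for entry in HOTFIX_VERSIONS.get(family, []):
        if entry.endswith(".x"):
            if re.fullmatch(re.escape(entry[:-2]) + r"\.\d+", version):
                return True
        elif entry == version:
            return True
    return False

def triage(gw):
    """Classify one inventory record using the article's two exposure conditions."""
    if not (gw["ipsec_vpn_remote_access"] or gw["mobile_access"]):
        return "NOT_IN_SCOPE"
    if version_listed(gw["family"], gw["version"]):
        return "APPLY_HOTFIX"
    # Not on the article's list; for older or end-of-life versions the article's
    # advice is to upgrade or to disable remote and mobile access.
    return "NOT_ON_HOTFIX_LIST"

# Constructed sample inventory (hostnames and field names are hypothetical).
INVENTORY = [
    {"name": "gw-edge-01", "family": "quantum-security-gateway", "version": "R81.20",
     "ipsec_vpn_remote_access": True, "mobile_access": False},
    {"name": "gw-branch-07", "family": "quantum-spark", "version": "R80.20.50",
     "ipsec_vpn_remote_access": True, "mobile_access": False},
    {"name": "gw-lab-02", "family": "quantum-security-gateway", "version": "R80.30",
     "ipsec_vpn_remote_access": False, "mobile_access": True},
    {"name": "gw-core-03", "family": "quantum-maestro", "version": "R81.10",
     "ipsec_vpn_remote_access": False, "mobile_access": False},
]

def report(inventory):
    """Map each gateway name to its triage status."""
    return {gw["name"]: triage(gw) for gw in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:14} {status}")
```
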
