Zero-day Vulnerability in Check Point Security Gateways
History:
- 30/05/2024 --- v1.0 -- Initial publication
Summary
On May 28, 2024, Check Point issued an advisory about a zero-day vulnerability, CVE-2024-24919, affecting Check Point Security Gateways. This high-severity information disclosure vulnerability can be exploited to gain unauthorised access to sensitive information on systems with remote Access VPN or Mobile Access Software Blades enabled [1].
It is recommended applying the hotfix and the extra protection measures provided by the vendor on affected devices.
Technical Details
Tracked as CVE-2024-24919, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with remote Access VPN or Mobile Access Software Blades enabled [1].
Affected Products
Check Point has released the following security updates to address the flaw [1]:
- Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40
- Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP
- Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x
Recommendations
CERT-EU recommends applying the hotfix and the extra protection measures on affected devices as soon as possible [2].
Extra Protection Measures
As described in Check Point's advisory, it is strongly recommended [2]:
- changing the password of the Security Gateway's account in Active Directory;
- preventing local accounts from connecting to VPN with password authentication.
Upon taking these actions, it is also recommended reviewing the authentication logs for those local accounts to identify any suspicious connection.