Check Point has patched a zero-day vulnerability that has been exploited in the wild.
The vulnerability, tracked as CVE-2024-24919, enables an attacker to “read certain information” on Check Point Network Security gateways with either the remote access VPN or mobile access enabled.
The exploitation is seen in small number with attempts against its customers starting May 24, targeting old VPN local accounts with password-only authentication.The activity was observed following an overall increase in attacks targeting remote-access VPNs to gain entry into enterprise networks.
In response to the exploitation attempts targeting Check Point customers, prior to the root cause being discovered, the company provided a temporary fix that blocked local accounts with password-only authentication from logging into the remote access VPN.
Customers were also advised to change the password of the Security Gateway’s account in the Active Directory.
CVE-2024-24919 affects the following Check Point products:
- CloudGuard Network
- Quantum Maestro
- Quantum Scalable Chassis
- Quantum Security Gateways
- Quantum Spark Appliances.
Check Point’s advisory noted that installing the latest hotfixes for these products is mandatory to prevent exploitation of the flaw.
