On May 27, 2024, Check Point reported a significant spike in attacks targeting VPN devices. This activity was traced to a zero-day vulnerability, identified as CVE-2024-24919, affecting Check Point Security Gateways with remote access VPN or Mobile Access Software Blades enabled. This high-severity information disclosure vulnerability allows attackers to read specific information on internet-exposed gateways, posing a substantial risk to corporate networks.
Zero-Day Vulnerability CVE-2024-24919 in Check Point VPN Devices Technical Overview
Vulnerability ID: CVE-2024-24919
Severity: High
Impacted Products:
- CloudGuard Network
- Quantum Maestro
- Quantum Scalable Chassis
- Quantum Security Gateways
- Quantum Spark Appliances
Affected Versions:
- R80.20.x
- R80.20SP (EOL)
- R80.40 (EOL)
- R81
- R81.10
- R81.10.x
- R81.20
Description:
CVE-2024-24919 is an information disclosure vulnerability that allows attackers to read specific information on Check Point Security Gateways with remote access VPN or Mobile Access Software Blades enabled. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further network breaches.
Observed Exploit Attempts:
Initial exploit attempts focused on remote access scenarios with outdated local accounts using password-only authentication methods, which are not recommended.
What We Suggest to Stop Zero-Day Vulnerability CVE-2024-24919 in Check Point VPN Devices
1. Apply Security Updates: Check Point has released hotfixes to address CVE-2024-24919. It is crucial to apply these updates immediately to protect your infrastructure.
Steps to Apply the Hotfix:
- Navigate to the Security Gateway portal.
- Go to Software Updates > Available Updates > Hotfix Updates.
- Click ‘Install’. The installation process takes approximately 10 minutes and requires a reboot.
Manual Download Links and Instructions:
- Quantum Security Gateway Hotfixes
- For Quantum Maestro, Quantum Scalable Chassis, and Quantum Spark Appliances, refer to the specific hotfix links provided in the advisory.
2. Enhance Security Posture:
- Change Active Directory Password:
- Update the AD password used by the Security Gateway for authentication.
- Instructions for changing the password can be found on Check Point’s security bulletin.
- Run Remote Access Validation Script:
- Use the VPNcheck.sh script to identify and mitigate weak authentication methods.
- Instructions for using the script are available in Check Point’s advisory.
3. Block Weak Authentication Methods:
- Block Local Accounts Using Password-Only Authentication:
- After applying the hotfix, local accounts with password-only authentication will be automatically blocked.
- A log entry will be created for any blocked login attempts.
DIFEND WITH CONFIDENCE