Check Point Security Gateways Vulnerability Allows Remote Access Attacks
Key Information
- Vendor: Checkpoint
- Status
- Check Point Quantum Gateway, Spark Gateway And Cloudguard Network
- Vendor
- CVE Published: 28 May 2024
Summary
A critical zero-day vulnerability, CVE-2024-24919, has been exploited by threat actors to gain unauthorized access to sensitive information on Check Point Security Gateways with remote access VPN or mobile access enabled. The vulnerability affects several Check Point products and allows attackers to access specific information on compromised gateways, potentially enabling them to retrieve password hashes and other sensitive data, leading to lateral movement within the victim's network. Check Point has released emergency patches for the affected products, urging customers to apply the patches immediately and enhance security measures to protect their networks from further attacks. The exploitation of this vulnerability underscores the critical need for robust security practices and timely updates.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-24919 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Check Point Quantum Gateway, Spark Gateway and CloudGuard Network: Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Huge Surge in Attacks Exploiting Check Point VPN Zero-Day Vulnerability
Check Point published an advisory regarding a critical vulnerability, CVE-2024-24919, which has since seen a surge in exploitation attempts.
3 months ago
Attacks Surge on Check Point's Recent VPN Zero-Day Flaw
One monitoring firm has detected exploitation attempts targeting CVE-2024-24919 from more than 780 unique IP addresses in the past week.
3 months ago
Exploit Attempts Against Check Point CVE-2024-24919 On the Rise
Hundreds of separate IP addresses are now trying to exploit the Check Point path traversal flaw (CVE-2024-24919) that was disclosed last week.
3 months ago
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
Risk change from: 7.5 to: 8.6 - (HIGH)
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
First article discovered by TechTarget
Vulnerability published.
Vulnerability Reserved.