Check Point Security Gateways Vulnerability Allows Remote Access Attacks
Key Information
- Vendor: Check Point
- Status: Check Point Quantum Gateway, Spark Gateway and CloudGuard Network
- CVE Published: 28 May 2024
Summary
A critical zero-day vulnerability, CVE-2024-24919, has been exploited by threat actors to gain unauthorized access to sensitive information on Check Point Security Gateways with remote access VPN or mobile access enabled. The vulnerability affects several Check Point products and allows attackers to access specific information on compromised gateways, potentially enabling them to retrieve password hashes and other sensitive data, leading to lateral movement within the victim's network. Check Point has released emergency patches for the affected products, urging customers to apply the patches immediately and enhance security measures to protect their networks from further attacks. The exploitation of this vulnerability underscores the critical need for robust security practices and timely updates.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-24919 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Check Point Quantum Gateway, Spark Gateway and CloudGuard Network:
- Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40
- Check Point Spark versions R81.10, R80.20
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
Threat Actors Actively Exploiting CVE-2024-24919: Underground Forums Share IP Addresses of Vulnerable Check Point Security Gateway Devices - CYFIRMA
Published On : 2024-07-12 EXECUTIVE SUMMARY A critical vulnerability, identified as CVE-2024-24919, has been discovered in certain End-of-life (EOL) devices that no longer receive updates or patches...
2 months ago
Huge Surge in Attacks Exploiting Check Point VPN Zero-Day Vulnerability
Check Point published an advisory regarding a critical vulnerability, CVE-2024-24919, which has since seen a surge in exploitation attempts.
6 months ago
Attacks Surge on Check Point's Recent VPN Zero-Day Flaw
One monitoring firm has detected exploitation attempts targeting CVE-2024-24919 from more than 780 unique IP addresses in the past week.
6 months ago
EPSS Score
93% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾 Exploit exists.
- Risk change from: 7.5 to: 8.6 - (HIGH)
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- First article discovered by TechTarget
- Vulnerability published.
- Vulnerability reserved.