Increased vulnerability of Check Point Software VPNs identified by researchers, previously underestimated.
The cybersecurity community has been abuzz with the recent discovery of a critical vulnerability in Check Point Software VPN, classified as CVE-2024-24919. This information disclosure issue, more serious than initially disclosed, could potentially allow attackers to gain unauthorized access to sensitive information on Check Point VPN gateways[2][3][5].
According to Mnemonic researchers, exploitation of this vulnerability started in late April[6]. The vulnerability allows a threat actor to retrieve all files on a local file system, including password hashes for local accounts, SSH keys, certificates, and other critical files[7]. Check Point first observed indications of threat activity as early as April 7[6].
The vulnerability is more powerful than the vendor advisory implies, according to WatchTowr researchers, who characterize it as a path-traversal vulnerability[8]. Researchers at WatchTowr have successfully gained access to every file on the system following exploitation of this vulnerability[9].
Censys data reveals the extent of the potential impact, showing 108 internet-exposed CloudGuard Network Security instances, 1,021 Quantum Security Gateways, and 12,321 Quantum Spark gateways[1][4]. These numbers highlight the urgency with which affected customers should prioritize patching and follow Check Point's advisories for detailed technical instructions and ongoing updates to fully mitigate the vulnerability and prevent potential exploitation[1][3].
The company has released mitigation steps and instructions to detect compromised environments[3]. Recommended measures include applying the security patches issued by Check Point as soon as they are available[3]. Limiting VPN access to trusted users and implementing strong authentication mechanisms such as multi-factor authentication (MFA) are also crucial to reduce the risk of exploitation[2]. Monitoring VPN gateways for unusual access patterns or attempts to exploit the vulnerability is also advised.
Rapid7 researchers urge users to reset their local account credentials in addition to following the vendor's recommended mitigations[10]. "This is a significant threat due to observed active exploitation taking place for the past several weeks," said Christian Beek, senior director of threat analytics at Rapid7[10]. The situation is considered "very serious" by Check Point, and the company urges all customers to apply the update[11].
In summary, CVE-2024-24919 is a critical information disclosure vulnerability in Check Point VPN products that must be addressed promptly by applying patches and strengthening access controls as recommended by Check Point Security[1][2][3][5]. The exploitation of this vulnerability has been observed since late April, making it essential for affected customers to prioritize patching and follow the vendor's advisories to protect their systems.
- The recent discovery of a critical vulnerability, CVE-2024-24919, in Check Point Software VPN has raised concerns about network security, especially since it allows for unauthorized access to sensitive information.
- The exploitation of this vulnerability, considered a path-traversal vulnerability by WatchTowr researchers, can potentially retrieve all files on a local file system, including password hashes, SSH keys, certificates, and other critical files.
- In the general-news of cybersecurity, the ongoing exploitation of this vulnerability highlights the importance of prompt patching, strengthening access controls, and following the vendor's advisories to protect systems from potential attacks.
