Zero-Day Hotfix Available for Check Point Products

Summary

A critical vulnerability categorized as CVE-2024-24919 (CVSS 3.1: 7.5) has been identified in multiple Check Point products by the Check Point Research Division. This zero-day vulnerability allows attackers to access specific information on gateways connected to the internet with Remote Access VPN or Mobile Access enabled. On May 24th, Check Point detected increased threat actor activity targeting Remote Access VPN environments. On May 27th, a customer reported an attack leveraging this vulnerability.

Impact Assessment

This vulnerability enables attackers to gather sensitive information from targeted gateways, particularly those using insecure password-only authentication methods. The exploitation of this vulnerability leads to a complete loss of confidentiality.

Affected Systems:

• Security Gateways with IPSec VPN or Mobile Access software blades.

Remediation

Check Point has released hotfixes for CVE-2024-24919, available through the Security Gateway portal. To apply the update:

1. Navigate to 'Software Updates'.
2. Select 'Available Updates' and then 'Hotfix Updates'.
3. Install the update and reboot the system.

Manual downloads are available for:

• Quantum Security Gateway
• Quantum Maestro and Quantum Scalable Chassis
• Quantum Spark Appliances

For systems using IPSec VPN software blade solely for Site-to-Site purposes, this vulnerability does not apply. In cases where the update cannot be applied, updating the Active Directory password used by the Security Gateway can enhance security.

What It Means for You

If you use Check Point products with Remote Access VPN or Mobile Access blades, hotfixes are available to mitigate this vulnerability. Ensure that systems using password-only authentication follow the remediation steps to prevent exploitation. Threat actors are particularly targeting these configurations.

Business Implications

Exploitation of this vulnerability can result in the complete loss of confidentiality, leading to the exposure and potential exfiltration of sensitive information. This can cause significant reputational damage and data loss for affected organizations.

Recommendations

• Install the Hotfix: To prevent attackers from exploiting this vulnerability.
• Implement Multi-Factor Authentication: Adds an extra security layer to deter unauthorized access.
• Follow Best Practices: Check Point's recommendations include changing user authentication methods and blocking connections from password-only authenticated sources.

Associated Bulletins

For further details and updates, refer to Check Point's security advisories and bulletins.This report provides crucial steps to protect your systems from a significant vulnerability.