Article Details
Scrape Timestamp (UTC): 2024-05-29 13:36:34.164
Original Article Text
Click to Toggle View
Check Point releases emergency fix for VPN zero-day exploited in attacks. Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. On Monday, the company first warned about a spike in attacks targeting VPN devices, sharing recommendations on how admins can protect their devices. Later, it discovered the source of the problem, a zero-day flaw that hackers exploited against its customers. Tracked as CVE-2024-24919, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with remote Access VPN or Mobile Access Software Blades enabled. "The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled," reads an update on Check Point's previous advisory. "The attempts we've seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication." CVE-2024-24929 impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances, in the product versions: R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20. Check Point has released the following security updates to address the flaw: To apply the update, head to the Security Gateway portal > Software Updates > Available Updates > Hotfix Updates, and click 'Install.' The vendor says the process should take approximately 10 minutes, and a reboot is required. After the hotfix is installed, login attempts using weak credentials and authentication methods will be automatically blocked, and a log will be created. Hotfixes have been made available for end-of-life (EOL) versions, too, but they must be downloaded and applied manually. Check Point created a FAQ page with additional information about CVE-2024-24919, IPS signature, and manual hotfix installation instructions. Those unable to apply the update are advised to enhance their security stance by updating the Active Directory (AD) password that the Security Gateway uses for authentication. Additionally, Check Point has created a remote access validation script that can be uploaded onto 'SmartConsole' and executed to review the results and take appropriate actions. More information on updating the AD password and using the 'VPNcheck.sh' script are available on Check Point's security bulletin.
Daily Brief Summary
Check Point issued emergency hotfixes due to a zero-day vulnerability in their VPN software that allowed attackers remote access to fire come walls and corporate networks.
The vulnerability, tracked as CVE-2024-24919, was identified as a high-severity issue enabling unauthorized reading of information on certain Check Point Security Gateways.
Affected products include several versions of CloudGuard Network, Quantum Security Gateways, and other related appliances.
Following the initial warning about increased attacks targeting VPN devices, the precise cause was pinpointed and addressed with the release of security updates.
Updates are available through the Security Gateway portal, requiring about 10 minutes to install with a necessary reboot, improving defense against weak authentication attempts.
Check Point also provided a remote access validation script and instructions for updating AD passwords to enhance security for those unable to immediately apply the hotfixes.
Additionally, manual downloads and installations are required for end-of-life product versions, with comprehensive guidance available on Check Point’s FAQ page.