"PoC Published for Exploited Check Point VPN Vulnerability"

Proof-of-concept (PoC) code has recently been released for an actively exploited zero-day vulnerability affecting multiple Check Point Security Gateway iterations. The vulnerability was disclosed on May 27 and is tracked as CVE-2024-24919 (CVSS score of 8.6). It is described as an arbitrary file read flaw in gateways that have the IPSec VPN or Mobile Access blades enabled. According to Check Point, its CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security gateways, and Quantum Spark appliances are impacted.

Check Point noted that exploiting this vulnerability can result in access to sensitive information on the Security Gateway. In certain scenarios, the vulnerability can potentially allow the attacker to move laterally and gain domain admin privileges. Check Point also noted that the vulnerability can be exploited over the network without privileges and does not require user interaction. If the VPN component is enabled on the gateway, no special conditions are required for successful exploitation.

Check Point has released hotfixes for the bug, urging customers to install them as an initial mitigation and to implement the additional protection measures described in its advisory, including resetting Gaia OS passwords for all local users and preventing password-only authentication. According to Check Point, while an initial assessment suggested that the zero-day might have been exploited for a month, further investigation revealed that the first exploitation attempts began roughly two months ago, on April 7.

 

SecurityWeek reports: "PoC Published for Exploited Check Point VPN Vulnerability"

Submitted by Adam Ekwall on