A high alert notification has been issued by the Australian Cyber Security Centre (ACSC) for vulnerabilities that affect Check Point Gateways with Mobile Access blades or IPsec VPN enabled. The zero-day vulnerability, identified as CVE-2024-24919, enables attackers to access private data on susceptible systems and may also compromise large networks.
Check Point Gateways Vulnerability CVE-2024-24919 Explained
CVE-2024-24919 has been classified as an arbitrary file read vulnerability. This means that an attacker can read any infected file by exploiting the vulnerability without the need for prior authentication or special privileges. Attackers could exploit this flaw by reading any file on an affected device. Attackers might exploit the vulnerability to steal user credentials by cracking hashed passwords or using them for phishing attacks in the future. Attackers can also launch lateral attacks by using stolen credentials to move within a network and access more sensitive systems. They can also delete or modify critical data and disrupt operations by installing malware, thereby gaining access to launch attacks within the network in the future. The ACSC, in a high alert notice issued on May 31, confirmed the active exploitation attempts targeting unpatched Check Point devices. Check Point has released a hotfix to address the CVE-2024-24919 vulnerability. Exploiting the vulnerability could let attackers access sensitive information and allow them to move laterally within a network, potentially gaining complete control (including domain admin privileges). [caption id="attachment_74282" align="alignnone" width="2430"] Source: X[/caption]Check Point Gateways: Over 15,000 Devices Vulnerable Globally
Research on ODIN, an Internet search engine built by Cyble for attack surface management and threat intelligence, found that more than 15,000 instances of Check Point devices globally are internet-facing and potentially vulnerable. ODIN users can use the query services modules http.title:“Check Point SSL Network Extender” to track the internet exposed Check Point devices on the platform. The affected Check Point products include:- CloudGuard Network
- Quantum Maestro
- Quantum Scalable Chassis
- Quantum Security Gateways
- Quantum Spark Appliances
- R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20