Check Point Releases Fix For Zero-Day VPN Flaw

Check Point Software released an emergency fix this week for a vulnerability in its VPN gateway products, warning customers that threat actors are actively exploiting the flaw.

The flaw (CVE-2024-24919), which ranks 7.5 out of 10 on the CVSS 3.0 severity scale, could enable attackers to read certain information on the gateways if they are connected to the internet and have Remote Access VPN or Mobile Access enabled. Several Check Point products are impacted, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways and Quantum Spark Appliances (versions R80.20.x, R81, R81.10, R81.10.x and R81.20, as well as end-of-life versions R80.20SP and R80.40).

The attacks were first observed by Check Point on May 24, and in an update on Tuesday, Check Point said that a “small number” of known customers are impacted.

“The attempts we’ve seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication,” according to Check Point’s advisory, initially released on Monday with the latest update on Tuesday. “Within a few hours of this development, Check Point released an easy to implement solution that prevents attempts to exploit this vulnerability.”

Check Point urged customers to deploy the available hotfixes and to check whether they have local VPN accounts and, if so, whether those accounts have been used. If the local accounts are in use, customers should add another layer of authentication beyond passwords, such as certificates, to increase security, according to Check Point. If local accounts aren’t in use, customers should disable them.

“Password-only authentication is considered an unfavourable method to ensure the highest levels of security, and we recommend not to rely on this when logging-in to network infrastructure,” according to Check Point’s advisory.

Threat actors have been exploiting VPN vulnerabilities over the past few months. For instance, in January attackers widely targeted bugs in Ivanti’s Connect Secure VPN and Ivanti Policy Secure appliances. On the heels of these types of attacks, Check Point said in its advisory that it had been monitoring attempts to gain unauthorized access to its customers’ VPNs.

“Over the past few months, we have observed increased interest of malicious groups in leveraging remote-access VPN environments as an entry point and attack vector into enterprises,” according to Check Point in its advisory. “Attackers are motivated to gain access to organizations over remote-access setups so they can try to discover relevant enterprise assets and users, seeking for vulnerabilities in order to gain persistence on key enterprise assets.”
