CVE-2024-24919: Information Disclosure Vulnerability Leveraged to Target Check Point VPNs


On May 27, 2024, Check Point released hotfixes for an information disclosure vulnerability being leveraged by threat actors to target Check Point VPNs. The vulnerability is tracked as CVE-2024-24919 and is rated high severity: a remote threat actor can exploit it to access information on Gateways connected to the Internet with IPSec VPN, Remote Access VPN or Mobile Access enabled.

Check Point identified a small number of login attempts in customer environments using old VPN local accounts that rely on the password-only authentication method, which is not recommended. Check Point is currently working with affected customers to remediate the vulnerability and encourages customers to reach out to their Check Point representative with any questions.

Gateway vulnerabilities that can lead to information disclosure, such as the Citrix Bleed vulnerability (CVE-2023-4966), which was exploited towards the end of 2023, are enticing targets for threat actors. Citrix Bleed was leveraged by various threat actors to target multiple industries, and highlights the potential widespread impact of these vulnerabilities.

Recommendations for CVE-2024-24919

Recommendation #1: Apply Hotfixes 

Arctic Wolf strongly recommends applying the applicable hotfix for your Quantum Gateway. Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

Product: Quantum Security Gateway and CloudGuard Network Security
Affected versions:
  • R81.20
  • R81.10
  • R81
  • R80.40
Hotfixes:
  • R81.20 Jumbo Hotfix Accumulator Take 54
  • R81.20 Jumbo Hotfix Accumulator Take 41
  • R81.20 Jumbo Hotfix Accumulator Take 53
  • R81.20 Jumbo Hotfix Accumulator Take 26
  • R81.10 Jumbo Hotfix Accumulator Take 141
  • R81.10 Jumbo Hotfix Accumulator Take 139
  • R81.10 Jumbo Hotfix Accumulator Take 130
  • R81.10 Jumbo Hotfix Accumulator Take 110
  • R81 Jumbo Hotfix Accumulator Take 92
  • R80.40 Jumbo Hotfix Accumulator Take 211
  • R80.40 Jumbo Hotfix Accumulator Take 206
  • R80.40 Jumbo Hotfix Accumulator Take 198
  • R80.40 Jumbo Hotfix Accumulator Take 197

Product: Quantum Maestro and Quantum Scalable Chassis
Affected versions:
  • R81.20
  • R81.10
  • R80.40
  • R80.30SP
  • R80.20SP
Hotfixes:
  • R80.30SP Jumbo Hotfix Accumulator Take 97
  • R80.20SP Jumbo Hotfix Accumulator Take 336

Product: Quantum Spark Gateways
Affected versions:
  • R81.10.x
  • R80.20.x
  • R77.20.x
Hotfixes:
  • R81.10.10 Quantum Spark Appliances
  • R81.10.08 Quantum Spark Appliances
  • R80.20.60 Quantum Spark Appliances
  • R77.20.87 Quantum Spark Appliances
  • R77.20.81 Quantum Spark Appliances

 

If any additional assistance is required, Check Point encourages users to contact the Check Point Technical Support Center or their local Check Point representative.

Recommendation #2: Implement Additional Security Hardening Measures 

Check Point recommends implementing additional security measures to harden Gateways. These include:

  • Changing the password of the Security Gateway’s account in Active Directory
  • Identifying local accounts with password-only authentication
  • Preventing local accounts from connecting to VPN with password authentication

For detailed step-by-step guidance, please refer to the “Important Extra Measures” section in Check Point’s SecureKnowledge article.


Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.