Check Point is advising customers to install hotfixes to address an actively exploited zero-day vulnerability in several of its Quantum series VPN solutions.
The high-severity zero-day vulnerability, designated CVE-2024-24919, could allow threat actors to read information on internet-connected gateways that have the ‘Remote Access VPN’ or ‘Mobile Access Software Blades’ feature enabled.
This information can include old local accounts with simple passwords that don’t require multi-factor authentication, which are then used by threat actors to log in to the devices.
CVE-2024-24919 affects several VPN solutions, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
According to Check Point, the exploitation of CVE-2024-24919 has been limited to a small number of cases.
Source: Bleeping Computer
Analysis
Compromising VPN gateways is a convenient way for threat actors to discover other enterprise assets and users, and potentially find vulnerabilities that can be leveraged to gain persistence or to move laterally.
Since VPNs are internet-exposed, they often serve as the first point of contact for threat actors with a network of interest, so they must be configured properly and securely.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software, appliances, and operating systems. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the exploitation of these vulnerabilities.
Field Effect MDR users were automatically notified if a vulnerable Check Point device was detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly encourages users of the affected Check Point VPN gateways to update to the latest version as soon as possible, in accordance with Check Point’s advisory.