Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919<\/a>, which is actively being exploited in attacks in the wild.<\/p>\n\n\n\n
Early this week, the security firm warned of a surge in attacks aimed at VPN solutions.<\/p>\n\n\n\n
“We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point’s customers.\u00a0By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method,”\u00a0the company said<\/a>.<\/p>\n\n\n\n
“We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point\u2019s customers.” reads the initial advisory<\/a> published by the vendor.<\/em><\/p>\n\n\n\n
On May 28, the experts discovered how attackers were targeing its customers and released a fix<\/a>\u00a0for Check Point Network Security gateways.<\/p>\n\n\n\n
“The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled. The attempts we\u2019ve seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication.” reads an update to the initial advisory. “Within a few hours of this development, Check Point released an\u00a0easy to implement solution<\/a>\u00a0that prevents attempts to exploit this vulnerability. To stay secure, customers should follow these\u00a0simple instructions<\/a>\u00a0to deploy the provided solution.”<\/em><\/p>\n\n\n\n
The company also released hotfixes that address the flaw in end-of-life (EOL) versions.<\/p>\n\n\n\n
Check Point set up FAQ page<\/a>\u00a0to provide information about CVE-2024-24919, such as what customers should do if they suspect unauthorized access attempts.
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a>
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0Check Point VPN zero-day)<\/strong>