{"id":163850,"date":"2024-05-29T18:27:44","date_gmt":"2024-05-29T18:27:44","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=163850"},"modified":"2024-05-29T18:28:17","modified_gmt":"2024-05-29T18:28:17","slug":"check-point-vpn-zero-day-hotfix","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/163850\/digital-id\/check-point-vpn-zero-day-hotfix.html","title":{"rendered":"Check Point released hotfix for actively exploited VPN zero-day"},"content":{"rendered":"
<\/div>\n

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as\u00a0CVE-2024-24919, which is actively exploited in attacks in the wild.<\/h2>\n\n\n\n

Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919<\/a>, which is actively being exploited in attacks in the wild.<\/p>\n\n\n\n

The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure issue. Threat actors exploited the flaw to gain remote firewall access and breach corporate networks.<\/p>\n\n\n\n

The issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances. Impacted versions are R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.<\/p>\n\n\n\n

Earlier this week, the security firm warned of a surge in attacks aimed at VPN solutions.<\/p>\n\n\n\n

“We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point’s customers.\u00a0By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method,”\u00a0the company said<\/a>.<\/p>\n\n\n\n

The company started investigating the attacks by assembling special teams of Incident Response, Research, Technical Services and Products professionals. Within 24 hours, the experts found a few potential customers that had been attacked.<\/p>\n\n\n\n

On May 28, the experts discovered how attackers were targeting its customers and released a fix<\/a>\u00a0for Check Point Network Security gateways.<\/p>\n\n\n\n

“The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled. The attempts we\u2019ve seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication.” reads an update to the initial advisory. “Within a few hours of this development, Check Point released an\u00a0easy to implement solution<\/a>\u00a0that prevents attempts to exploit this vulnerability. To stay secure, customers should follow these\u00a0simple instructions<\/a>\u00a0to deploy the provided solution.”<\/em><\/p>\n\n\n\n

The company also released hotfixes that address the flaw in end-of-life (EOL) versions.<\/p>\n\n\n\n

Check Point set up an FAQ page<\/a>\u00a0to provide information about CVE-2024-24919, such as what customers should do if they suspect unauthorized access attempts.<\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0Check Point VPN zero-day)<\/strong><\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as\u00a0CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively being exploited in attacks in the wild. The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure issue. Threat actors […]<\/p>\n","protected":false},"author":1,"featured_media":33585,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,4,55],"tags":[2099,4112,9508,9506,10918,687,841,1533,1350,528],"class_list":["post-163850","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-digital-id","category-security","tag-check-point","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news","tag-vpn","tag-zero-day"],"yoast_head":"\n