Black Arrow Cyber Advisory 11 June 2024 – Active exploitation of Check Point Zero-Day Vulnerability

Written By Black Arrow Admin

Executive summary

Recent exploitation of Check Point VPN zero-days have been ramping up since the proof of concept was released to the public. The actively exploited zero-day (CVE2024-24919) has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog and could allow an attacker to access sensitive information on Check Point Security gateways and allow them to obtain admin privileges. Check Point have recently stated that it is thought exploitation to have begun in early April, however Checkpoint is not due to release any patches until 20 June.

What’s the risk to me or my business?

The vulnerability in Check Point’s products could pose a significant risk to your organisation. If exploited, it could potentially allow an attacker to access sensitive information from your Check Point Security Gateways. In some instances, the attacker might even gain domain admin privileges. This could compromise the confidentiality, integrity, and availability of your organisation’s data

What can I do?

Check Point have not released any patches for this vulnerability however they have released automatic interim preventative measures deployed through AutoUpdater utility. Black arrow recommends following Check Points advice, which can be found in their advisory linked below.

Technical Summary

CVE-2024-24919 - A path traversal vulnerability, which could allow an attacker to read any file on the system. No specific privilege level is required to exploit this vulnerability.

The affected products are:

·         CloudGuard Network

·         Quantum Maestro

·         Quantum Scalable Chassis

·         Quantum Security Gateways

·         Quantum Spark Appliances

A security gateway is vulnerable if one of the configurations is applied:

·         If the “IPSec VPN” blade has been enabled and the Security Gateway device is part of the “Remote Access” VPN community.

·         If the “Mobile Access” blade has been enabled.

The advisory provided by Check Point can be found here:

https://support.checkpoint.com/results/sk/sk182336

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin
Previous

Black Arrow Cyber Advisory 12 June 2024 – Fortinet FortiGate SSL VPN Vulnerability Leads to 20,000 Systems Being Breached by China Globally
Next

Black Arrow Cyber Threat Briefing 07 June 2024