Check Point VPN Zero-Day Vulnerability Enables Remote Access for Attackers
Share
Check Point, a leading cybersecurity vendor, has swiftly released emergency patches to counter a critical zero-day vulnerability found in its VPN products. This flaw, which has been actively exploited by threat actors, allows unauthorized access to sensitive information on internet-connected gateways with remote access VPN or mobile access enabled.
The vulnerability, identified as CVE-2024-24919, poses a significant threat as it enables attackers to gain unauthorized access. This issue was discovered during a surge in attacks targeting VPN devices. Initially, on May 27, 2024, Check Point warned customers about attacks exploiting old VPN local accounts that relied on weak, password-only authentication methods. The root cause was later identified as a zero-day flaw, CVE-2024-24919, which has been exploited since at least April 30, 2024.
Affected Products
Several Check Point products are impacted by this vulnerability, including:
- CloudGuard Network
- Quantum Maestro
- Quantum Scalable Chassis
- Quantum Security Gateways
- Quantum Spark Appliances
The affected versions are R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.
Security Implications
WatchTowr Labs has indicated that this vulnerability enables attackers to access particular information on compromised gateways, which can include retrieving password hashes and other sensitive data. This breach can facilitate lateral movement within the victim’s network, posing substantial security threats. Additionally, attackers have been seen extracting Active Directory data and utilizing Visual Studio Code to route malicious traffic.
Immediate Hotfix and Mitigations
Check Point has responded promptly by releasing hotfixes for the affected products, available through the Security Gateway portal. The application process takes approximately 10 minutes and requires a reboot. Post-installation, login attempts using weak credentials will be automatically blocked and logged.
For those who cannot apply the hotfix immediately, Check Point recommends enhancing security by updating Active Directory passwords and utilizing a remote access validation script available on their support site. Additionally, administrators are advised to rotate passwords for LDAP connections and monitor logs for signs of compromise.
Importance of Robust Security Practices
The exploitation of CVE-2024-24919 underscores the critical need for robust security practices and timely updates. Customers are strongly urged to apply the patches immediately and follow the recommended security measures to safeguard their networks from further attacks.
By addressing these vulnerabilities promptly and effectively, Check Point continues to demonstrate its commitment to cybersecurity and the protection of its customers’ networks. Stay vigilant and ensure your systems are up to date to mitigate these evolving threats.
What factors should be considered when selecting the best and fastest VPN service?
- Security Protocols: Look for VPNs that offer strong encryption protocols like OpenVPN or IKEv2/IPsec. Ensure they have a no-logs policy to protect user privacy.
- Server Locations: A wider range of server locations means better access to geo-blocked content and reduced latency. This also allows for better performance during peak hours.
- Connection Speed: The VPN service should offer high-speed connections to prevent buffering or lagging during browsing or streaming.
- Reliability and Uptime: Choose a VPN with high uptime and reliability to ensure consistent access to the internet without interruptions.
- Compatibility: Ensure the VPN is compatible with various devices and platforms including desktops, laptops, smartphones, and routers.
- Customer Support: Look for VPN providers with responsive customer support to address any technical issues promptly.
- Price and Value: Consider the pricing plans and features offered by different VPN services to ensure you’re getting the best value for your money.
- Reputation and Reviews: Check reviews and ratings from reputable sources to gauge the reliability and performance of the VPN service.
- Data Limits and Bandwidth: Opt for VPNs with generous data limits and unlimited bandwidth to avoid restrictions on usage.
- Additional Features: Some VPNs offer additional features like ad-blocking, malware protection, or split tunneling, which can enhance the overall browsing experience.
- Transparency and Privacy Policy: Ensure the VPN provider has transparent policies regarding data collection, usage, and sharing to maintain user privacy and trust.