Check Point uncovers vulnerability linked to VPN attacks

Check Point Software Technologies recently revealed a zero-day vulnerability that has been linked to attempted attacks on its VPN technology. In a recent blog post, Check Point warned that threat actors had targeted a small number of customers by trying to log in to old VPN local accounts that only used password authentication. The cybersecurity vendor recommended against using password-only authentication for local accounts and issued a hotfix for its Security Gateway products to prevent such authentication for those accounts.

Following an update to the initial blog post, Check Point identified the root cause of the attempted logins as a zero-day vulnerability tracked as CVE-2024-24919. This vulnerability could potentially allow an attacker to access certain information on Internet-connected Gateways with remote access VPN or mobile access enabled. The affected products and tools include CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. Check Point promptly released hotfixes for the zero-day flaw and advised customers to apply the necessary patches.

In a FAQ about CVE-2024-24919, Check Point emphasized that the attempts to exploit the vulnerability were focused on remote access on old local accounts with insecure password-only authentication. The severity of the vulnerability was rated as high by Check Point, although no CVSS score has been assigned to it yet.

While the vulnerability has been exploited, it remains unclear whether any of the attempted attacks resulted in threat actors successfully gaining unauthorized access to customers’ VPNs or networks. Check Point clarified in its updated blog post and FAQ that it had only observed attempts to gain unauthorized access and had not confirmed successful breaches. The company reassured customers that their network was not affected by the incident and that it is committed to investigating further, creating rapid fixes, and communicating any relevant updates.

VPNs and other edge or network boundary devices have increasingly become targets for various threat actors in recent years. With the widespread shift to remote work during the COVID-19 pandemic, government agencies have repeatedly warned about nation-state threat actors exploiting known vulnerabilities in VPN products to gain initial access to targeted organizations.

Furthermore, cybercriminal and ransomware groups have also homed in on VPNs as lucrative targets. Examples include last year’s incidents involving the Akira and LockBit ransomware gangs targeting Cisco VPNs that lacked multi-factor authentication protection.

As Check Point continues to address the zero-day vulnerability and support its customers, the cybersecurity landscape remains dynamic and challenging. It is imperative for organizations to stay vigilant, promptly apply security patches, and adopt best practices to safeguard their networks and sensitive information from evolving threats.

Overall, the disclosure of the zero-day vulnerability underscores the importance of proactive cybersecurity measures and serves as a reminder of the ongoing cat-and-mouse game between cyber defenders and threat actors in the relentless battle for digital security.
