A high alert notification has been issued by the Australian Cyber Security Centre (ACSC) regarding vulnerabilities that impact Check Point Gateways with Mobile Access blades or IPsec VPN enabled. The zero-day vulnerability, identified as CVE-2024-24919, poses a significant risk as it allows attackers to access private data on vulnerable systems and potentially compromise large networks.
CVE-2024-24919 has been classified as an arbitrary file read vulnerability, enabling attackers to read any file on an affected device without the need for authentication or special privileges. This flaw could be exploited by attackers to steal user credentials, launch phishing attacks, or conduct lateral attacks within a network. The potential consequences of exploiting this vulnerability include the theft of sensitive information, disruption of operations through the installation of malware, and unauthorized access to critical systems.
In response to active exploitation attempts targeting unpatched Check Point devices, the ACSC issued a high alert notice on May 31. Check Point has released a hotfix to address the CVE-2024-24919 vulnerability and organizations are strongly advised to apply the patch to secure their systems. The exploitation of this vulnerability could allow attackers to gain complete control over a network, including domain admin privileges.
Research conducted on ODIN, an Internet search engine developed by Cyble for attack surface management and threat intelligence, revealed that over 15,000 instances of Check Point devices globally are internet-facing and potentially vulnerable. Users can utilize ODIN’s query services modules to track Check Point devices exposed on the platform. The affected Check Point products include CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances. Software versions impacted by the vulnerability include R80.20.x, R80.20SP, R80.40, R81, R81.10, R81.10.x, and R81.20.
Organizations using Check Point Security Gateway devices are strongly advised by the ACSC to inspect their systems for affected software versions and apply the necessary patches according to Check Point’s instructions. Additionally, organizations are recommended to reset local account credentials on patched systems to mitigate potential risks associated with compromised password hashes.
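The triage described above (affected version, exposed blade, hotfix, then credential reset) can be run over a gateway inventory. The following is an added example, not code from the ACSC or Check Point. The CSV layout, field names and host entries are constructed, and reading a trailing ".x" as "any sub-release" is an assumption.

```python
import csv
import io

# Affected releases exactly as listed in the article.
AFFECTED = ("R80.20.x", "R80.20SP", "R80.40", "R81", "R81.10", "R81.10.x", "R81.20")
# Blades the alert names as the exposure condition.
EXPOSED_BLADES = {"mobile access", "ipsec vpn"}

def version_affected(version):
    """Assumption: a trailing '.x' matches any sub-release, e.g. R81.10.x -> R81.10.10."""
    v = version.strip().upper()
    for entry in AFFECTED:
        e = entry.upper()
        if e.endswith(".X"):
            if v.startswith(e[:-1]):  # e[:-1] keeps the dot: "R81.10."
                return True
        elif v == e:
            return True
    return False

def triage(row):
    """Return the next action for one inventory row (hypothetical field names)."""
    blades = {b.strip().lower() for b in row["blades"].split(";") if b.strip()}
    if not (version_affected(row["version"]) and blades & EXPOSED_BLADES):
        return "not-in-scope"  # version not listed, or neither named blade enabled
    if row["hotfix_applied"].strip().lower() != "yes":
        return "apply-hotfix"
    if row["creds_reset"].strip().lower() != "yes":
        return "reset-local-credentials"  # patched, but hashes may already be exposed
    return "done"

# Constructed sample inventory; hosts and values are illustrative only.
SAMPLE = """host,version,blades,hotfix_applied,creds_reset
gw-syd-01,R81.20,IPsec VPN;Firewall,no,no
gw-mel-02,R81.10,Mobile Access,yes,no
gw-per-03,R80.20.35,IPsec VPN,yes,yes
gw-bne-04,R81.20,Firewall,no,no
gw-adl-05,R82,IPsec VPN,no,no
"""

def triage_inventory(text):
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE).items():
        print(f"{host:12} {action}")
```

A patched gateway whose local credentials have not been reset is still reported as open work, which matches the ACSC recommendation.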
While the ACSC’s warning is specific to Australian organizations, the global threat posed by the vulnerability requires immediate action from organizations worldwide to identify and patch affected Check Point devices. The situation surrounding CVE-2024-24919 is evolving, and it is crucial for organizations to stay vigilant and prepared for potential developments.
In the coming days, security researchers are expected to continue analyzing the zero-day vulnerability, potentially releasing detailed technical reports on exploit mechanisms and attack vectors. Malicious actors may also release exploit code for CVE-2024-24919, leading to increased attacks on vulnerable devices. Check Point is likely to provide updates and guidance on security hotfixes, and organizations should monitor for any revised patching instructions.
As the news of the vulnerability spreads, organizations should anticipate a rise in attempted attacks targeting unpatched Check Point devices. The discovery of CVE-2024-24919 may also uncover related vulnerabilities in other Check Point products or security software from different vendors, requiring organizations to stay informed and implement appropriate mitigation measures.

