CVE-2024-24919

CVSS 7.5 HIGH (Provisional)

On 27 May 2024, Check Point disclosed a vulnerability impacting the following products:

• CloudGuard Network
• Quantum Maestro
• Quantum Scalable Chassis
• Quantum Security Gateways
• Quantum Spark Appliances

CVE-2024-24919 is an information disclosure vulnerability which would allow an unauthenticated threat actor to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades.

The following versions are known to be affected:

• R77.20 (EOL)
• R77.30 (EOL)
• R80.10 (EOL)
• R80.20 (EOL)
• R80.20.x
• R80.20SP (EOL)
• R80.30 (EOL)
• R80.30SP (EOL)
• R80.40 (EOL)
• R81, R81.10
• R81.10.x
• R81.20

The vulnerability is exploitable on affected systems if ONE of the following conditions is met:

• The IPsec VPN Blade is enabled, but ONLY when included in the Remote Access VPN  community.
• The Mobile Access Software Blade is enabled.

Check Point has issued detailed instructions for applying hotfixes to affected services to mitigate this vulnerability.  Additionally, The following has also been recommended:

• Change the password of the Security Gateway’s account in Active Directory
• Prevent Local Accounts from connecting to VPN with Password Authentication

The announcement of this vulnerability comes after Check Point identified a small number of login attempts on older local VPN accounts that used an unrecommended password-only authentication method.  This indicates that the vulnerability is being exploited in the wild, and so the recommended hotfixes should be applied as soon as practicable.