Fortra’s Alert Logic is investigating a vulnerability in the Check Point VPN – CVE-2024-24919. This information disclosure vulnerability could allow an attacker to access sensitive information on internet-exposed Check Point Security Gateways with IPsec VPN in the Remote Access VPN community and the Mobile Access software blade. Security updates are available to mitigate this vulnerability.
Who is affected?
The following versions of Check Point platforms are affected.
- Check Point Quantum Gateway versions R81.20, R81.10, R81, and R80.40
- CloudGuard Network versions R81.20, R81.10, R81, and R80.40
- Check Point Spark versions R81.10 and R80.20
What can I do?
Check Point has released security updates for this vulnerability, which are available on the Security Gateway portal.
For more information about the update, refer to Check Point’s advisory.
The following additional security measures are also recommended:
- Change the password of the LDAP Account Unit
- Reset the passwords of local accounts connecting to the VPN with password authentication
- Run the tool to identify vulnerable Security Gateways
- Prevent Local Accounts from connecting to VPN with Password Authentication
- Renew Security Gateway's Inbound SSL Inspection server certificates
- Renew Security Gateway's Outbound SSL Inspection CA certificate
- Reset Gaia OS passwords for all local users
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities in addition to those listed below.
Vulnerability Scanning: Alert Logic released unauthenticated scan coverage on June 6, 2024, to check for vulnerable hosts. If the vulnerability is found, an exposure (EID: 267763) will be raised for CVE-2024-24919.
WAF: A virtual patch that detects and blocks exploit attempts has been released. The patch is available in the Emerging Threats Virtual Patch Group. Website security profiles configured to use Emerging Threat Virtual Patches will implement the protection automatically.
Network IDS: Alert Logic released IDS telemetry on June 4, 2024, to monitor for CVE-2024-24919 exploit activity. Incident-generating IDS coverage was released on June 13, 2024.
Updates
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available.
06/04/2024: Alert Logic released IDS telemetry to monitor for exploit activity.
06/06/2024: Alert Logic released unauthenticated scan coverage to check for vulnerable hosts.
06/13/2024: Alert Logic released IDS coverage to generate incidents for CVE-2024-24919.