Jake Trujillo
Jun 3, 2024
Latest Headline
CVE-2024-24919 is a critical zero-day arbitrary file read vulnerability discovered in Check Point Security Gateways with IPSec VPN or Mobile Access blades enabled. CVE-2024-24919 is being actively exploited by attackers to read sensitive data such as password hashes, potentially leading to network compromise. Check Point has disclosed the vulnerability and released hotfixes for affected products, urging immediate updates.
Key Points:
First identified in early April 2024
Affects over 13,800 internet-facing devices worldwide
A hotfix was provided by Check Point for affected Gateway versions
Fletch is constantly monitoring the threat landscape. The data in this guide is most up to date as of publication. Check out CVE-2024-24919’s Threat Board for any updates or join Fletch to be in the know for every threat.
CVE-2024-24919 Summary
There are no specific aliases or attributions linked to this exploitation. The vulnerability affects various Check Point products, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances. Although no particular threat group has been identified, the widespread impact suggests coordinated efforts by malicious actors.
Severity: Critical
Maturity: Mainstream
IOCs: 0 malware hashes and 1 vulnerability
Targets: 1 tech target, 1 industry target, and 2 geo targets
Learn more about Fletch’s metrics in the Fletch Help Center.
CVE-2024-24919 Victims & Motivations
The primary victims of CVE-2024-24919 are smaller commercial organizations, particularly in Japan. The attackers' motivation appears to be credential theft, which enables them to escalate privileges and conduct further malicious activity within compromised networks. The vulnerability presents significant risk because it can be exploited remotely without user interaction.
CVE-2024-24919 Tactics
Attackers exploit this vulnerability by sending specially crafted requests to the affected devices. This method enables them to traverse directories and access sensitive files, including password hashes. Attackers have also been observed using tools such as Visual Studio Code to tunnel traffic and exfiltrate data from compromised systems.
Mitigation Advice
At the time of publication, this was the mitigation advice against CVE-2024-24919:
Immediately apply the hotfix provided by Check Point for the affected Gateway versions as specified in the security advisory (sk182336).
Check if your business uses Check Point VPN solutions and identify any local accounts that might be affected.
If you do, immediately apply the patches provided by Check Point for the VPN vulnerability.
Change Authentication Methods: Temporarily enforce stronger authentication methods for VPN access. If possible, switch to certificate-based authentication until all accounts and systems are verified secure.
Run the remote access validation script provided by Check Point on 'SmartConsole' to review security settings and take necessary actions.
At the time of publication, these were the right compliance controls to focus on for CVE-2024-24919:
Change default usernames and passwords after installation, and avoid reusing passwords between different accounts.
Make sure to connect your security data to your Fletch workspace, so that Fletch is able to correlate and prioritize threats like this effectively in the future.
Regularly check the permission levels of local accounts to ensure no unauthorized accounts have been created.
Regularly audit and review user accounts and their permissions to ensure only authorized users have access to privileged accounts.
You can check out the most recent mitigation measures by creating an account when you join Fletch.
Communication
On top of mitigation advice, Fletch also provides beta AI-generated communications so you can educate your different company stakeholders. At the time of publication, this was what was recommended for the following:
For employees:
For customers:
For more templates for your different stakeholders, create a workspace when you join Fletch.