CVE-2024-24919 Threat Guide

Jake Trujillo

Jun 3, 2024

Latest Headline 

CVE-2024-24919 is a critical zero-day arbitrary file read vulnerability discovered in Check Point Security Gateways with IPSec VPN or Mobile Access blades enabled. CVE-2024-24919 is being actively exploited by attackers to read sensitive data such as password hashes, potentially leading to network compromise. Check Point has disclosed the vulnerability and released hotfixes for affected products, urging immediate updates.
Key Points:
  • First identified in early April 2024
  • Affects over 13,800 internet-facing devices worldwide
  • A hotfix was provided by Check Point for affected Gateway versions


Fletch is constantly monitoring the threat landscape. The data in this guide is most up to date as of publication. Check out CVE-2024-24919’s Threat Board for any updates or join Fletch to be in the know for every threat.


CVE-2024-24919 Summary

There are no specific aliases or attributions linked to this exploitation. The vulnerability affects various Check Point products, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances. Although no particular threat group has been identified, the widespread impact suggests coordinated efforts by malicious actors.
  • Severity: Critical
  • Maturity: Mainstream
  • IOCs: 0 Malware hashes and 1 vulnerability
  • Targets: 1 tech target, 1 industry target, and 2 geo targets


Learn more about Fletch’s metrics in the Fletch Help Center.

CVE-2024-24919 Victims & Motivations

The primary victims of CVE-2024-24919 are smaller commercial organizations, particularly in Japan. The attackers' motivations appear to be credential theft, enabling them to escalate privileges and conduct further malicious activities within compromised networks. This vulnerability presents significant risks due to its ability to be exploited remotely without user interaction. 


CVE-2024-24919 Tactics

Attackers exploit this vulnerability by sending specially crafted requests to the affected devices. This method enables them to traverse directories and access sensitive files, including password hashes. Tools such as Visual Studio Code have been observed being used for tunneling traffic and exfiltrating data from compromised systems.
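
To make the tactic above concrete from the detection side, here is an added example (not Fletch's or Check Point's code) that flags request targets or bodies whose `..` segments climb out of the served directory, including percent-encoded and backslash variants. The request paths are hypothetical and constructed, since this guide does not give the request format, and the list of sensitive files is an assumption about where a Linux-based appliance keeps account and password-hash data.

```python
import re
from urllib.parse import unquote

# Assumption: files that hold account and password-hash data on a Linux-based appliance.
SENSITIVE = ("/etc/shadow", "/etc/passwd")

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding and unify path separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def escapes_root(path):
    """True if '..' segments climb above the directory the path starts in."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False

def classify(request_value):
    """Verdict for a request target or body: 'sensitive-read', 'traversal' or 'ok'."""
    verdict = "ok"
    # Check the path and every query/form value separately.
    for token in re.split(r"[?&=\s]+", normalize(request_value)):
        if escapes_root(token):
            if token.endswith(SENSITIVE):
                return "sensitive-read"
            verdict = "traversal"
    return verdict

# Constructed sample requests (hypothetical paths, not taken from real traffic).
SAMPLE = [
    "/docs/v2/../v1/index.html",
    "/img/..%5c..%5cconf%5capp.cfg",
    "/portal/x/%252e%252e/%252e%252e/%252e%252e/etc/shadow",
    "name=report&file=../../../etc/passwd",
]

def scan(values):
    """Return (value, verdict) for every value that is not 'ok'."""
    return [(v, c) for v in values if (c := classify(v)) != "ok"]

if __name__ == "__main__":
    for value, verdict in scan(SAMPLE):
        print(f"{verdict:15} {value}")
```

The first sample stays `ok` because its single `..` never leaves the starting directory, which is why the check counts depth instead of matching on the string `../`.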


Mitigation Advice

At the time of publication this was the mitigation advice against CVE-2024-24919:
  • Immediately apply the hotfix provided by Check Point for the affected Gateway versions as specified in the security advisory (sk182336).
  • Check if your business uses Check Point VPN solutions and identify any local accounts that might be affected.
  • If you do, immediately apply the patches provided by Check Point for the VPN vulnerability.
  • Change Authentication Methods: Temporarily enforce stronger authentication methods for VPN access. If possible, switch to certificate-based authentication until all accounts and systems are verified secure.
  • Run the remote access validation script provided by Check Point on 'SmartConsole' to review security settings and take necessary actions.
At the time of publication these are the right compliance controls to focus on for CVE-2024-24919:
  • Change default usernames and passwords after installation, and avoid reusing passwords between different accounts.
  • Make sure to connect your security data to your Fletch workspace, so that Fletch is able to correlate and prioritize threats like this effectively in the future.
  • Regularly check the permission levels of local accounts to ensure no unauthorized accounts have been created.
  • Regularly audit and review user accounts and their permissions to ensure only authorized users have access to privileged accounts.

You can check out the most recent mitigation measures by creating an account when you join Fletch.


Communication

On top of mitigation advice, Fletch also provides beta AI-generated communications so you can educate your different company stakeholders. At the time of publication, this was what was recommended for the following:
For employees:
For customers:


For more templates for your different stakeholders, create a workspace when you join Fletch.


Takeaway

CVE-2024-24919 poses a severe threat due to its ease of exploitation and potential for significant data breaches. Organizations using affected Check Point products must apply the provided hotfixes immediately, reset local account credentials, and enhance security measures such as multi-factor authentication to mitigate the risks. 
Timely updates and robust security practices are essential to protect against this critical vulnerability.
CVE-2024-24919 is just one example of an ever-evolving threat that Fletch helps you track and prioritize.
Our AI engine is constantly scanning and indexing the threat landscape for you so you can plug the gaps in your security. You can use Fletch to prioritize your alerts, forecast threats to your tech and people early, or give you daily advice on what to do.


Join the Fletch waitlist and try it for yourself.

See how much time you can save

Fletch surfaces the 5% of threats that matter to you right now. You’ll have every detail about the threat, what to do about it and what to say. 

Get API access
