On May 27, 2024, Check Point released hotfixes for an information disclosure vulnerability that threat actors are leveraging to target Check Point VPNs. The vulnerability is tracked as CVE-2024-24919 and is rated high severity, because a remote threat actor can exploit it to access information on Gateways connected to the Internet with IPSec VPN, Remote Access VPN or Mobile Access enabled. Check Point identified a small number of login attempts in customer environments using old VPN local accounts that rely on the password-only authentication method, which is not recommended. Check Point is currently working with affected customers to remediate the vulnerability and encourages customers to reach out to their Check Point Representative with any questions.

Gateway vulnerabilities that can lead to information disclosure, such as the Citrix Bleed vulnerability (CVE-2023-4966), which was exploited towards the end of 2023, are enticing targets for threat actors. This vulnerability was leveraged by various threat actors to target multiple industries, and highlights the potential widespread impact of these vulnerabilities.