{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-053.pdf"
    },
    "title": "Zero-day Vulnerability in Check Point Security Gateways",
    "serial_number": "2024-053",
    "publish_date": "30-05-2024 09:26:17",
    "description": "On May 28, 2024, Check Point issued an advisory about a zero-day vulnerability, CVE-2024-24919, affecting Check Point Security Gateways. This high-severity information disclosure vulnerability can be exploited to gain unauthorised access to sensitive information on systems with Remote Access VPN or Mobile Access Software Blades enabled.<br>\nIt is recommended to apply the hotfix and the extra protection measures provided by the vendor on affected devices.<br>\n",
    "url_title": "2024-053",
    "content_markdown": "---\ntitle: 'Zero-day Vulnerability in\u00a0Check\u00a0Point\u00a0Security\u00a0Gateways'\nnumber: '2024-053'\nversion: '1.0'\noriginal_date: 'May 28, 2024'\ndate: 'May 30, 2024'\n---\n\n_History:_\n\n* _30/05/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn May 28, 2024, Check Point issued an advisory about a zero-day vulnerability, **CVE-2024-24919**, affecting Check Point Security Gateways. This high-severity information disclosure vulnerability can be exploited to gain unauthorised access to sensitive information on systems with Remote Access VPN or Mobile Access Software Blades enabled [1].\n\nIt is recommended to apply the hotfix and the extra protection measures provided by the vendor on affected devices.\n\n# Technical Details\n\nTracked as **CVE-2024-24919**, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with Remote Access VPN or Mobile Access Software Blades enabled [1].\n\n# Affected Products\n\nCheck Point has released the following security updates to address the flaw [1]:\n\n- Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40\n- Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP\n- Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x\n\n# Recommendations\n\nCERT-EU recommends applying the hotfix and the extra protection measures on affected devices as soon as possible [2].\n\n## Extra Protection Measures\n\nCheck Point's advisory strongly recommends [2]:\n\n- changing the password of the Security Gateway's account in Active Directory;\n- preventing local accounts from connecting to VPN with password authentication.\n\nUpon taking these actions, it is also recommended to review the authentication logs for those local accounts to identify any suspicious connection.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/>\n\n[2] <https://support.checkpoint.com/results/sk/sk182336>",
    "content_html": "<p><em>History:</em></p><ul><li><em>30/05/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On May 28, 2024, Check Point issued an advisory about a zero-day vulnerability, <strong>CVE-2024-24919</strong>, affecting Check Point Security Gateways. This high-severity information disclosure vulnerability can be exploited to gain unauthorised access to sensitive information on systems with Remote Access VPN or Mobile Access Software Blades enabled [1].</p><p>It is recommended to apply the hotfix and the extra protection measures provided by the vendor on affected devices.</p><h2 id=\"technical-details\">Technical Details</h2><p>Tracked as <strong>CVE-2024-24919</strong>, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with Remote Access VPN or Mobile Access Software Blades enabled [1].</p><h2 id=\"affected-products\">Affected Products</h2><p>Check Point has released the following security updates to address the flaw [1]:</p><ul><li>Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40</li><li>Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP</li><li>Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying the hotfix and the extra protection measures on affected devices as soon as possible [2].</p><h3 id=\"extra-protection-measures\">Extra Protection Measures</h3><p>Check Point's advisory strongly recommends [2]:</p><ul><li>changing the password of the Security Gateway's account in Active Directory;</li><li>preventing local accounts from connecting to VPN with password authentication.</li></ul><p>Upon taking these actions, it is also recommended to review the authentication logs for those local accounts to identify any suspicious connection.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/\">https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.checkpoint.com/results/sk/sk182336\">https://support.checkpoint.com/results/sk/sk182336</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}