Zero-Day Alert: Check Point Gateways Under Active Attack (CVE-2024-24919)

Check Point, a cybersecurity firm, has urged its clients to review their VPN configurations to prevent potential attacks from malicious actors attempting to access corporate networks.

In its May 28th notification, the company highlighted that VPNs from various security system providers are increasingly becoming targets for attacks. Specifically, Check Point has recorded attempted breaches of its clients’ VPNs.

Tracked as CVE-2024-24919 (CVSS score: 7.5), the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances.

Hotfixes are available in the following versions:

  • Quantum Security Gateway and CloudGuard Network Security Versions – R81.20, R81.10, R81, R80.40
  • Quantum Maestro and Quantum Scalable Chassis – R81.20, R81.10, R80.40, R80.30SP, R80.20SP
  • Quantum Spark Gateways Version – R81.10.x, R80.20.x, R77.20.x

CVE-2024-24919

On May 24, 2024, several attempts were discovered involving outdated local VPN accounts authenticated solely by passwords. These attacks did not exploit software vulnerabilities but relied on weak authentication methods.

Check Point responded to the incidents by mobilizing specialized teams for investigation.

“By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method,” the company reported. “Relying on these customers notifications and Check Point’s analysis, the teams found within 24 hours a few potential customers which were subject to similar attempts.”

The notification also emphasizes the inadequacy of password-only authentication for securing remote network access.

“Password-only authentication is considered an unfavourable method to ensure the highest levels of security, and we recommend not to rely on this when logging-in to network infrastructure,” the notification states.

To protect against such attacks, Check Point advises organizations to review the use of local accounts and disable unnecessary ones. For essential accounts, it recommends enhancing security by adding another layer of authentication, such as certificates, to complement passwords.
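The review described above can be scripted against an account inventory. The following is an added example, not code from Check Point or from the original article: it sorts enabled, password-only local accounts into those to disable and those that need a certificate added. The CSV column names, the sample rows, and the 90-day staleness threshold are assumptions made for this example.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; the column names are assumptions for this
# example, not a Check Point export format.
SAMPLE_INVENTORY = """\
username,account_type,auth_methods,last_login,enabled
alice,local,password,2024-05-20,true
svc-backup,local,password,2021-02-11,true
bob,local,password+certificate,2024-05-27,true
carol,ldap,password,2024-05-25,true
old-contractor,local,password,,true
dave,local,password,2020-01-01,false
"""

STALE_AFTER_DAYS = 90  # assumed threshold; set it from your own policy


def triage_local_accounts(inventory_csv, today, stale_after_days=STALE_AFTER_DAYS):
    """Return {username: action} for enabled local accounts that authenticate
    with a password only. Action is 'disable' for stale or never-used accounts
    and 'add-certificate' for accounts still in use."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["account_type"].strip().lower() != "local":
            continue  # the advisory concerns local accounts
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled
        methods = {m.strip().lower() for m in row["auth_methods"].split("+") if m.strip()}
        if methods != {"password"}:
            continue  # a second authentication layer is already configured
        last_login = row["last_login"].strip()
        if not last_login:
            findings[row["username"]] = "disable"  # assumption: never used means unnecessary
            continue
        age_days = (today - date.fromisoformat(last_login)).days
        findings[row["username"]] = (
            "disable" if age_days > stale_after_days else "add-certificate"
        )
    return findings


if __name__ == "__main__":
    for user, action in triage_local_accounts(SAMPLE_INVENTORY, date(2024, 5, 28)).items():
        print(f"{user}: {action}")
```
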

To assist its clients, Check Point has released a solution designed to automatically prevent unauthorized access through local accounts authenticated only by passwords. This solution can be deployed on security gateways to bolster protection against such attacks.

“This will automatically prevent unauthorized access to your VPNs by local accounts with password-only authentication method,” the company explained.