Recent analysis reveals that over 13,800 Checkpoint gateways are currently exposed to a critical zero-day vulnerability, CVE-2024-24919. This flaw, initially categorized as an “information disclosure” issue, has been identified as an arbitrary file read vulnerability, allowing attackers to access any file on the affected systems. This threat predominantly affects Quantum Spark Appliances, widely used by small and medium-sized businesses, with significant exposure in Japan and Italy.
Vulnerability Overview
- CVE: CVE-2024-24919
- Type: Arbitrary File Read Vulnerability
- Affected Products: Check Point Quantum and CloudGuard solutions with IPSec VPN or Mobile Access blades enabled.
- Versions Impacted: Products with versions dating back to 2020.
- PoC Release Date: May 30, 2024
- Initial Exploitation Date: April 7, 2024
Technical Details
Researchers have discovered that this vulnerability allows unauthorized attackers to read arbitrary files from the system. Exploitation of this flaw can lead to severe breaches, including the extraction of sensitive Active Directory credentials, resulting in potential network compromises.
Geographic Distribution:
- Japan: 6,202 hosts
- Italy: 1,004 hosts
Many exposed hosts are part of the Open Computer Network (OCN) services by NTT Communications Corporation in Japan.
Impact and Exploitation
Security firm Mnemonic has reported incidents where attackers leveraged this vulnerability to extract Active Directory credentials, posing a significant risk of widespread network compromise. The availability of a publicly released proof-of-concept (PoC) exacerbates the threat, making it easier for attackers to exploit the vulnerability.
Mitigation and Recommendations
CheckPoint has issued security updates for the affected products:
- Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40
- Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP
- Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x
Action Items:
- Identify Affected Systems: Check for systems running the impacted versions of Check Point products with Remote Access VPN or Mobile Access Software Blades enabled.
- Apply Security Updates: Follow the vendor advisory to apply the necessary patches and updates.
- Monitor for Indicators of Compromise (IoCs): Implement monitoring to detect potential exploitation attempts or unauthorized file access.
- Strengthen Security Posture: Review and enhance access controls, and ensure robust network segmentation to mitigate the impact of potential breaches.
The CVE-2024-24919 vulnerability represents a critical threat to organizations using Check Point gateways. Immediate action is required to apply security updates and mitigate the risk of exploitation. Continuous monitoring and adherence to security best practices are essential to protect against this and future vulnerabilities.
