Fri, May 31, 2024

CVE-2024-24919: Zero-Day Vulnerability Detected in Check Point Products

Note: This vulnerability remains under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.

A critical zero-day vulnerability, tracked as CVE-2024-24919, has been discovered and patched in a number of Check Point products. Check Point has assigned it a CVSS score of 8.6, and it is being actively exploited in the wild, with proof-of-concept (POC) exploits available. It impacts Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40, and Check Point Spark versions R81.10, R80.20.

Check Point's advisory states: “An information disclosure vulnerability exists in Check Point VPN. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information.”

The Kroll Cyber Threat Intelligence (CTI) team assesses that this is an arbitrary file read and path traversal vulnerability, which could allow an unauthenticated attacker to read any file on the appliance, including files that contain root credentials to the appliance. The team therefore rates it CVSS 9.1, Critical. Kroll has observed cases where an unknown threat group leveraged this vulnerability to pivot to the internal network.

Kroll assesses that, due to the simplicity of the exploit, other threat groups will likely leverage this vulnerability. In 2024, ransomware groups have become very adept at leveraging vulnerabilities in edge networking appliances, especially VPN gateways, and it is therefore highly likely that these groups will quickly move to exploit this vulnerability en masse.

Our CTI team recommends following the guidance in the Check Point advisory to install the hotfix.
