TLDR:
- Check Point warns of an actively exploited zero-day vulnerability (CVE-2024-24919) in its Network Security gateway products.
- Exploitation attempts targeting these products have been observed since April 30, 2024.
Check Point has issued a warning about a zero-day vulnerability in its Network Security gateway products that threat actors have been exploiting in the wild. Tracked as CVE-2024-24919 with a CVSS score of 7.5, the vulnerability impacts several Check Point products, including CloudGuard Network, Quantum Maestro, and Quantum Security Gateways. The issue allows attackers to read certain information on Internet-connected gateways that have remote access VPN or mobile access enabled.
Hotfixes are available for affected versions, but exploitation attempts have already been observed targeting customer environments. These attempts involve extracting password hashes for all local accounts, including the account used to connect to Active Directory. This critical vulnerability is considered trivial to exploit and does not require user interaction or privileges.
Check Point has not provided details on the nature of these attacks, but they have noted that attackers are motivated to gain access to organizations over remote-access setups in order to discover enterprise assets and users. Previous attacks targeting network perimeter applications from other companies like Barracuda Networks and Palo Alto Networks suggest a trend of exploiting VPN devices.
Security firm mnemonic has also observed exploitation attempts involving the Check Point vulnerability since April 30, 2024. These attempts allow threat actors to extract Active Directory data within hours of logging in with a local user, enabling lateral movement within the network.
Overall, the threat of these zero-day attacks highlights the importance of timely patching and vigilance in monitoring network security to protect against potential breaches and data exfiltration.