Critical Vulnerability in Check Point Quantum (CVE-2024-24919)

On May 27th, the Check Point Research Division reported a vulnerability in certain Check Point Quantum Security Gateway devices. The vulnerability provides a remote attacker the ability to access protected information on an affected device without credentials.

Executive Summary

On May 27th, the Check Point Research Division reported a vulnerability in certain Check Point Quantum Security Gateway devices. The vulnerability is being tracked as CVE-2024-24919, which provides a remote attacker the ability to access protected information on an affected device without credentials.

Check Point discovered the vulnerability as part of internal testing, and patches were immediately released in the form of a Security Gateway Hotfix. During their study, Check Point’s dedicated task force reported seeing attacks leveraging this vulnerability against a “few customers”. Additionally, third-party cybersecurity firm Mnemonic has reported observing attacks leveraging this vulnerability to steal Active Directory credentials. The patches provided by Check Point require an account to download and examine, and third-party security firm watchTowr has already reverse-engineered enough details of the vulnerability for attackers to develop and deploy weaponized exploits over the next few days.

Given these factors, Lodestone believes immediate deployment of Check Point’s released software patches is crucial.

Affected Systems / Products

The vulnerability affects the following Check Point products:

  • Products
    • CloudGuard Network
    • Quantum Maestro
    • Quantum Scalable Chassis
    • Quantum Security Gateways
    • Quantum Spark Appliances
  • Versions
    • R77.20 (EOL)
    • R77.30 (EOL)
    • R80.10 (EOL)
    • R80.20 (EOL)
    • R80.20.x
    • R80.20SP (EOL)
    • R80.30 (EOL)
    • R80.30SP (EOL)
    • R80.40 (EOL)
    • R81
    • R81.10
    • R81.10.x
    • R81.20

Mitigations / Workarounds


The only recommended mitigation or workaround for this vulnerability besides the software patch is to disable Remote Access and Mobile Access functions. The steps provided to do this are as follows:

  1. In SmartConsole > Security Gateway object properties > General Properties > clear the Mobile Access checkbox.
  2. Disable the Remote Access functionality: in Security Gateway object properties > VPN Clients > clear all checkboxes.
  3. Click OK and install the Access Control policy.

These steps are also listed on Check Point’s support page for this advisory.

Patches

Check Point provided software patches at the time of disclosure. Users with supported versions of the Security Gateway can download Check Point’s Hotfix update patches and apply them as follows:

  1. In the Gaia Portal on the Security Gateway, go to Software Updates > Available Updates > Hotfix Updates.
  2. Click Install. The process should take 5 to 10 minutes to complete, and the confirmation window will be displayed.
  3. Reboot the Security Gateway.

Users with unsupported versions of Check Point Security Gateway are strongly encouraged to upgrade to a supported version and apply the appropriate Hotfix.
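
To prioritize this work across a fleet, the sketch below triages a gateway inventory against the product and version lists above and the patch guidance in this section. It is an added example, not code from Check Point or Lodestone; the CSV columns, hostnames and action labels are hypothetical, and it assumes that listed versions not marked EOL are the supported ones.

```python
import csv
import io

# Lists copied from the advisory's "Affected Systems / Products" section.
AFFECTED_PRODUCTS = {"cloudguard network", "quantum maestro", "quantum scalable chassis",
                     "quantum security gateways", "quantum spark appliances"}
EOL_VERSIONS = {"R77.20", "R77.30", "R80.10", "R80.20", "R80.20SP",
                "R80.30", "R80.30SP", "R80.40"}
LISTED_VERSIONS = {"R81", "R81.10", "R81.20"}
LISTED_FAMILIES = ("R80.20.", "R81.10.")  # the "R80.20.x" and "R81.10.x" entries

def classify_version(version):
    """Return 'eol', 'supported' or 'unlisted' for a version string."""
    v = version.strip().upper()
    if v in EOL_VERSIONS:
        return "eol"
    # Assumption: listed versions not marked EOL are the supported ones.
    if v in LISTED_VERSIONS or v.startswith(LISTED_FAMILIES):
        return "supported"
    return "unlisted"

def triage(row):
    """Map one inventory row to (action, needs_interim_workaround)."""
    if row["product"].strip().lower() not in AFFECTED_PRODUCTS:
        return ("product-not-listed", False)
    status = classify_version(row["version"])
    if status == "unlisted":
        return ("verify-manually", False)
    if status == "supported" and row["hotfix_installed"].strip().lower() == "yes":
        return ("patched", False)
    action = "upgrade-then-hotfix" if status == "eol" else "apply-hotfix"
    # Until patched, the advisory's workaround is disabling Remote/Mobile Access.
    exposed = row["remote_or_mobile_access"].strip().lower() == "yes"
    return (action, exposed)

# Constructed sample inventory; hostnames and columns are hypothetical.
SAMPLE_INVENTORY = """hostname,product,version,hotfix_installed,remote_or_mobile_access
gw-hq-01,Quantum Security Gateways,R81.20,no,yes
gw-branch-02,Quantum Spark Appliances,R80.20.50,yes,yes
gw-lab-03,Quantum Security Gateways,R80.40,no,no
gw-dc-04,Quantum Maestro,R82,no,yes
"""

def triage_inventory(csv_text):
    return {r["hostname"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, (action, workaround) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}" + (" + disable Remote/Mobile Access now" if workaround else ""))
```

Rows that come back as verify-manually carry a version the advisory does not list and should be checked against Check Point's own advisory rather than assumed safe.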

How Lodestone is Responding

Lodestone is monitoring client perimeter devices discovered by Karma to identify potentially impacted devices and support organizations in remediation of any issues found.
