Vulnerability in Check Point Security Gateways Could Allow for Credential Access

A vulnerability has been discovered in Check Point Security Gateway products that could allow for credential access. A Check Point Security Gateway sits between an organization's environment and the Internet to enforce policy and block threats and malware. The flaw is an arbitrary file read: successful exploitation could allow an attacker to read files on the gateway and obtain credentials for local accounts. Other sensitive files, such as SSH keys and certificates, may also be read. Depending on the privileges associated with the exposed accounts, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Local accounts configured with fewer rights on the system are less impacted than those that operate with administrative rights.
Threat Intelligence
Check Point is aware that an exploit for CVE-2024-24919 exists in the wild and is being actively exploited. Additionally, the Norwegian cybersecurity company mnemonic has reported observing threat actors extracting ntds.dit, the Active Directory database holding account password hashes on a Domain Controller, from compromised customer environments within 2-3 hours of logging in with a local user.
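The advisory describes the flaw only as an arbitrary file read aimed at local-account credentials, SSH keys and certificates, and does not publish the request format used against the gateway. The following check is added here and is not part of the advisory or of any Check Point tooling: it parses constructed access-log lines in a hypothetical format (client IP, method, path, status, bytes, quoted body excerpt) and flags requests that combine directory traversal with a reference to those file types, percent-decoding repeatedly so double-encoded payloads are not missed. The log format, endpoints and IP addresses are all assumptions for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a hypothetical access-log format
# (client_ip method path status bytes "body"); these are NOT real
# Check Point gateway logs and the endpoints are invented.
SAMPLE_LOG = """\
203.0.113.10 POST /vpn/login 200 512 "user=alice&pass=REDACTED"
198.51.100.7 POST /vpn/files 200 4096 "name=../../../../../../etc/shadow"
203.0.113.10 GET /vpn/static/logo.png 200 8812 ""
198.51.100.7 GET /vpn/files?name=%252e%252e%252f%252e%252e%252fhome%252fadmin%252f.ssh%252fid_rsa 200 1679 ""
192.0.2.44 GET /vpn/files?name=..%2F..%2Fetc%2Fpasswd 404 0 ""
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) '
    r'(?P<bytes>\d+) "(?P<body>.*)"$'
)

# Files an arbitrary-file-read on a Linux-based gateway would target:
# local password hashes, SSH private keys, certificates and key material.
SENSITIVE_RE = re.compile(
    r"/etc/(?:shadow|passwd|gshadow)|/\.ssh/|id_(?:rsa|dsa|ecdsa|ed25519)\b"
    r"|\.(?:pem|key|p12|pfx)\b",
    re.IGNORECASE,
)
TRAVERSAL_RE = re.compile(r"\.\./")


def normalize(value: str) -> str:
    """Percent-decode until the value stops changing (defeats double
    encoding) and fold backslashes to forward slashes."""
    current = value
    for _ in range(3):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not match."""
    match = LOG_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def assess(rec: dict):
    """Return a finding for a request that looks like a file-read attempt,
    or None for a benign request."""
    fields = normalize(rec["path"]) + " " + normalize(rec["body"])
    traversal = TRAVERSAL_RE.search(fields) is not None
    target = SENSITIVE_RE.search(fields)
    if not traversal and target is None:
        return None
    if traversal and target is not None:
        severity = "high"      # traversal aimed at a credential file
    elif traversal:
        severity = "medium"    # traversal, unknown target
    else:
        severity = "low"       # sensitive name without traversal
    # A 2xx response with a non-empty body suggests the read succeeded.
    succeeded = 200 <= rec["status"] < 300 and rec["bytes"] > 0
    return {
        "ip": rec["ip"],
        "severity": severity,
        "target": target.group(0) if target else None,
        "succeeded": succeeded,
    }


def scan_log(text: str) -> list:
    """Run assess() over every parseable line and collect the findings."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        finding = assess(rec)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Findings flagged `succeeded` are the ones to treat as confirmed credential exposure: rotate the local-account passwords, SSH keys and certificates on that gateway, and hunt for follow-on logins with those accounts, which is the pattern mnemonic describes preceding ntds.dit extraction.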
Systems Affected
Quantum Security Gateway and CloudGuard Network Security: R81.20, R81.10, R81, R80.40
Quantum Maestro and Quantum Scalable Chassis: R81.20, R81.10, R80.40, R80.30SP, R80.20SP
Quantum Spark Gateways: R81.10.x, R80.20.x, R77.20.x
Risk
Government:
– Large and medium government entities: High
– Small government entities: High
Businesses:
– Large and medium business entities: High
– Small business entities: High
Home Users: Low
Recommendations
– Apply the updates provided by Check Point to vulnerable systems immediately after appropriate testing.
– Apply the Principle of Least Privilege to all systems and services.
– Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
References
Check Point:
https://support.checkpoint.com/results/sk/sk182336
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture/
Rapid7:
https://www.rapid7.com/blog/post/2024/05/30/etr-cve-2024-24919-check-point-security-gateway-information-disclosure
mnemonic:
https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919
Bleeping Computer:
https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24919