Check Point Software Technologies, a leading cybersecurity company, has released an emergency fix for a critical vulnerability in its VPN gateway products. This zero-day flaw, tracked as CVE-2024-24919, could allow attackers to gain unauthorized access to corporate networks.
The vulnerability affects several Check Point products, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances running specific software versions. Check Point initially warned customers about a surge in attacks targeting their VPN devices on May 27th, 2024. They later identified the source as a previously unknown vulnerability and released a hotfix within hours.
The vulnerability, rated 7.5 out of 10 on the CVSS 3.0 severity scale, could potentially allow attackers to read sensitive information on affected gateways. Check Point has confirmed that the attacks observed so far focused on remote access scenarios involving old local accounts with weak, password-only authentication.
The company urges all customers to apply the available hotfix immediately and review their local VPN accounts to ensure they are using strong authentication methods. This incident highlights the importance of staying vigilant and promptly applying security updates to protect against evolving cyber threats.
Key Points:
- Check Point released an emergency fix for a critical zero-day vulnerability in its VPN gateway products.
- The vulnerability, CVE-2024-24919, could allow attackers to gain unauthorized access to corporate networks.
- Several Check Point products are affected, including CloudGuard Network, Quantum Maestro, and Quantum Security Gateways.
- Check Point urges customers to apply the hotfix immediately and review their local VPN accounts.