Security News > 2024 > May > Check Point releases emergency fix for VPN zero-day exploited in attacks

Check Point releases emergency fix for VPN zero-day exploited in attacks
2024-05-29 13:31

Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks.

Tracked as CVE-2024-24919, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with remote Access VPN or Mobile Access Software Blades enabled.

"The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled," reads an update on Check Point's previous advisory.

Check Point created a FAQ page with additional information about CVE-2024-24919, IPS signature, and manual hotfix installation instructions.

Check Point has created a remote access validation script that can be uploaded onto 'SmartConsole' and executed to review the results and take appropriate actions.

Hackers target Check Point VPNs to breach enterprise networks.


News URL

https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-05-28 CVE-2024-24919 Unspecified vulnerability in Checkpoint products
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades.
network
low complexity
checkpoint
8.6