Security News > 2024 > May > Check Point VPN zero-day exploited in attacks since April 30

Check Point VPN zero-day exploited in attacks since April 30
2024-05-29 19:39

Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks.

Check Point warned customers on Monday that attackers are targeting their security gateways using old VPN local accounts with insecure password-only authentication.

"The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled," Check Point explained in an update to the initial advisory.

While Check Point shared that the attacks targeting CVE-2024-24919 as a zero-day started around May 24, cybersecurity company mnemonic warned today that it observed exploitation attempts in some of its customer environments since April 30.

The company added that the vulnerability is "Particularly critical" because it's easy to exploit remotely since it doesn't require user interaction or any privileges on attacked Check Point security gateways with Remote Access VPN and Mobile Access enabled.

Check Point releases emergency fix for VPN zero-day exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/check-point-vpn-zero-day-exploited-in-attacks-since-april-30/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-05-28 CVE-2024-24919 Unspecified vulnerability in Checkpoint products
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades.
network
low complexity
checkpoint
8.6