Check Point VPN zero-day exploited in attacks since April 30 (Security News, May 2024)
![Check Point VPN zero-day exploited in attacks since April 30](/static/build/img/news/check-point-vpn-zero-day-exploited-in-attacks-since-april-30-medium.jpg)
Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks.
Check Point warned customers on Monday that attackers are targeting their security gateways using old VPN local accounts with insecure password-only authentication.
"The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled," Check Point explained in an update to the initial advisory.
While Check Point shared that the attacks targeting CVE-2024-24919 as a zero-day started around May 24, cybersecurity company mnemonic warned today that it has observed exploitation attempts in some of its customer environments since April 30.
The company added that the vulnerability is "particularly critical" because it is easy to exploit remotely: it requires no user interaction and no privileges on attacked Check Point security gateways with Remote Access VPN and Mobile Access enabled.
Check Point releases emergency fix for VPN zero-day exploited in attacks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-28 | CVE-2024-24919 | Unspecified vulnerability in Check Point products, potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with Remote Access VPN or Mobile Access Software Blades. | 8.6 |