Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations' network.
The existence and in-the-wild exploitation of the flaw were revealed by Check Point on Tuesday, a day after they warned about discovered instances of attackers making login attempts "Using old VPN local-accounts relying on unrecommended password-only authentication method."
According to Check Point, the vulnerability affected all Check Point Security Gateways that had either the Mobile Access Software Blade or the IPsec VPN Blade enabled.
Check Point says that "Further investigation revealed that the first exploitation attempts started on April 7, 2024", and that they "Are actively investigating further."
Check Point has released hotfixes for the various affected Secure Gateway appliances and has advised customers to implement them as soon as possible.
Mnemonic has shared a few IP addresses from which attackers performed reconnaissance and exploitation, and Check Point has a more extensive list.
News URL
https://www.helpnetsecurity.com/2024/05/31/cve-2024-24919/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-28 | CVE-2024-24919 | Unspecified vulnerability in Checkpoint products. Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. | 8.6 |