Latest Check Point Software vulnerabilities
On May 28, 2024, Check Point disclosed a serious vulnerability in Check Point Security Gateway Devices with certain remote access software blades (security modules) enabled. Per their guidance, devices are impacted if one of the following conditions are met:
- The IPsec VPN Blade is enabled, but ONLY when included in the Remote Access VPN community.
- The Mobile Access Software Blade is enabled.
The issue, identified as CVE-2024-24919, allows reading arbitrary files on the targeted appliance by unauthenticated remote attackers. This vulnerability could be leveraged to read sensitive files such as those containing password hashes, certificates, and ssh keys.
This vulnerability has a CVSS score of 8.6 out of 10, indicating that this is a high risk vulnerability. According to their disclosure and information provided by CISA this vulnerability is being actively exploited. A report from mnemonic.io states that they have observed attacks at least as far back as April 30, 2024.
What is the impact?
Upon successful exploitation of the vulnerability, unauthenticated remote attackers could access password hashes for local users. If the hashes are cracked the attacker may be able to log into these user accounts if secondary controls, such as MFA, are not enforced. This includes service accounts that may be used to access Active Directory or other services. Attackers could leverage this information to move across a target’s network.
Are updates or workarounds available?
Check Point has released a software updates to address this vulnerability. They also provide guidance for other measures that should be taken after the vulnerability has been addressed. These can be found in their advisory.
How do I find potentially vulnerable Check Point devices with runZero?
From the Asset Inventory, use the following query to locate assets that may be running the vulnerable operating system in your network:
hardware:"Check Point" AND (_service.last.http.body:"Check Point Mobile" OR _service.http.body:"Check Point Mobile" OR udp_port:500)About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
