Vulnerability in Check Point Security Gateway (CVE-2024-24919): Path Traversal and Arbitrary File Read

Overview

A critical security update has been released to address a vulnerability (CVE-2024-24919) in Check Point Network Security gateways. This vulnerability potentially allows an attacker to read certain information on Internet-connected gateways with remote access VPN or mobile access enabled. The affected configurations include scenarios with old local accounts using password-only authentication.

Verify Exposure

To determine if your system is at risk, follow these steps:

  1. Check for old local accounts: Navigate to your security gateway’s account management interface to identify any old local accounts.
  2. Authentication Method: Verify the authentication method used by these accounts. If password-only authentication is in place, consider updating it.

Recommendations for Action

A fix has been released and must be installed on Check Point Network Security gateways to remain protected. Customers should follow these steps:

  1. Install the Fix: Apply the fix provided by Check Point to your security gateways to prevent exploitation of this vulnerability.
  2. Enhance Authentication Methods: If you have local accounts that use password-only authentication, add another layer of security, such as certificate-based authentication.
  3. Disable Unused Accounts: If local accounts are not in use, it is recommended to disable them.

Interim Mitigation Measures

Until the fix is applied, customers can take the following interim measures to mitigate potential risks:

  1. Monitor for Unauthorized Access: Enable logging and monitoring for any unauthorized access attempts on your VPN.
  2. Strengthen Account Security: Ensure that all local accounts have strong, complex passwords and consider implementing multi-factor authentication (MFA).
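As an added example of the monitoring step above (not code from Check Point or from this advisory), the following Python snippet scans access-log lines for path traversal sequences, the class of request this vulnerability involves. The log format and sample lines are constructed for illustration; adapt the parser to your gateway's actual log layout.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines, assumed format: client method raw_path status.
# Illustrative only; not captures from a real gateway.
SAMPLE_LOG = [
    "203.0.113.5 GET /index.html 200",
    "203.0.113.5 POST /login 200",
    "198.51.100.7 GET /images/../../../etc/passwd 404",
    "198.51.100.7 GET /%2e%2e/%2e%2e/etc/shadow 403",
    "198.51.100.7 GET /%252e%252e/%252e%252e/etc/hosts 403",
    "192.0.2.9 GET /static/..\\..\\windows\\win.ini 404",
]

# A ".." path segment bounded by separators (or start/end of path).
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def normalize_path(raw: str) -> str:
    """URL-decode repeatedly (bounded) to defeat double encoding, unify separators."""
    path = raw
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(raw_path: str) -> bool:
    """True if the normalized path contains a '..' segment."""
    return TRAVERSAL.search(normalize_path(raw_path)) is not None


def scan(lines):
    """Return (client, raw_path) for every log line that looks like traversal."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip
        client, _method, path, _status = parts[:4]
        if is_traversal(path):
            hits.append((client, path))
    return hits


if __name__ == "__main__":
    for client, path in scan(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path}")
```

Note that the detector flags the attempt regardless of response status, since a 403 or 404 still indicates a client probing for the flaw.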

Additional Resources

For additional information, view the links below:

https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/#/

https://support.checkpoint.com/results/sk/sk182336
