- May 29, 2024
- Beazley Security Labs
Critical Vulnerability in Check Point Quantum (CVE-2024-24919)
Executive Summary
On May 27th, the Check Point Research Division reported a vulnerability in certain Check Point Quantum Security Gateway devices. The vulnerability, tracked as CVE-2024-24919, allows a remote attacker to access protected information on an affected device without credentials.
Check Point discovered the vulnerability as part of internal testing, and patches were immediately released in the form of a Security Gateway Hotfix. During their study, Check Point’s dedicated task force reported seeing attacks leveraging this vulnerability against a “few customers”. Additionally, third-party cybersecurity firm Mnemonic has reported observing attacks leveraging this vulnerability to steal Active Directory credentials. The patches provided by Check Point require an account to download and examine, and third-party security firm watchTowr has already reverse-engineered enough details of the vulnerability for attackers to develop and deploy weaponized exploits over the next few days.
Given these factors, Lodestone believes immediate deployment of Check Point’s released software patches is crucial.
Affected Systems or Products
The vulnerability affects the following Check Point products:
Products
- CloudGuard Network
- Quantum Maestro
- Quantum Scalable Chassis
- Quantum Security Gateways
- Quantum Spark Appliances
Versions
- R77.20 (EOL)
- R77.30 (EOL)
- R80.10 (EOL)
- R80.20 (EOL)
- R80.20.x
- R80.20SP (EOL)
- R80.30 (EOL)
- R80.30SP (EOL)
- R80.40 (EOL)
- R81
- R81.10
- R81.10.x
- R81.20
Mitigations / Workarounds
The only recommended mitigation or workaround for this vulnerability besides the software patch is to disable Remote Access and Mobile Access functions. The steps provided to do this are as follows:
1. In SmartConsole > Security Gateway object properties > General Properties > clear the Mobile Access checkbox.
2. Disable the Remote Access functionality: in Security Gateway object properties > VPN Clients > clear all checkboxes.
3. Click OK and install the Access Control policy.
You can find these steps on their support page for this advisory here.
Patches
Check Point provided software patches at the time of disclosure. Users with supported versions of the Security Gateway can download Check Point’s Hotfix update patches here and apply them as follows:
1. In the Gaia Portal on the Security Gateway, go to Software Updates > Available Updates > Hotfix Updates.
2. Click Install. The process should take 5 to 10 minutes to complete, and the confirmation window will be displayed.
3. Reboot the Security Gateway.
Users with unsupported versions of Check Point Security Gateway are strongly encouraged to upgrade to a supported version and apply the appropriate Hotfix.
How Beazley Security is responding
Beazley Security is monitoring client perimeter devices discovered by our Attack Surface Management Solution, Karma, to identify potentially impacted devices and support organizations in remediation of any issues found.