May 29, 2024 at 09:34AM
Check Point releases hotfixes for VPN zero-day exploited in attacks targeting remote access to firewalls and corporate networks. The vulnerability (CVE-2024-24919) affects Check Point Security Gateways and impacts various product versions. Security updates have been issued, and installation instructions provided. A remote access validation script is available to review results and take appropriate actions.
Summary of Meeting Notes:
1. Check Point has released hotfixes for a VPN zero-day vulnerability (CVE-2024-24919) that allows attackers to gain remote access to firewalls and attempt to breach corporate networks.
2. The vulnerability impacts various products and product versions, including Quantum Security Gateway, CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, and Quantum Spark Gateways.
3. Security updates have been released for the affected products to address the vulnerability.
4. Admins are advised to apply the updates via the Security Gateway portal and are informed that the process should take approximately 10 minutes with a required reboot.
5. After the hotfix is installed, login attempts using weak credentials and authentication methods will be automatically blocked, and a log will be created.
6. Hotfixes are available for end-of-life (EOL) versions, but they must be downloaded and applied manually.
7. Check Point has created a FAQ page with additional information about the vulnerability, IPS signature, and manual hotfix installation instructions.
8. Those unable to apply the update are advised to enhance their security stance by updating the Active Directory (AD) password used for authentication.
9. Check Point has also created a remote access validation script that can be uploaded onto ‘SmartConsole’ and executed to review the results and take appropriate actions.
10. More information on updating the AD password and using the ‘VPNcheck.sh’ script is available on Check Point’s security bulletin.