Cybersecurity provider Check Point has advised its VPN customers to patch the Security Gateways service immediately to prevent threat actors from gaining initial access to enterprise networks through vulnerable VPN configurations.
The company has released an advisory to help fix the vulnerability. “Check Point’s dedicated task force continues investigating attempts to gain unauthorized access to VPN products used by our customers,” the company said in a security update. “On May 28, 2024, we discovered a vulnerability in Security Gateways with Remote Access VPN or the Mobile Access blade enabled.”
Check Point has released a solution to prevent attempts to exploit this vulnerability.
Vulnerability affects password-only protection
The vulnerability, tracked as CVE-2024-24919, apparently only affects Security Gateways configured with password-only protection, a configuration that Check Point recommends against.
“The attempts we’ve seen so far focus on remote access scenarios with old local accounts with unrecommended password-only authentication,” Check Point said. “Password-only authentication cannot ensure the highest levels of security, and we strongly recommend that you do not rely on this method when logging in to network infrastructure.”
To explore these and any other potentially related attempts to exploit this vulnerability, the company said it has assembled “special teams of Incident Response, Research, Technical Services and Products professionals.”
“Relying on these customers’ notifications and Check Point’s analysis, the teams found within 24 hours a few potential customers which were subject to similar attempts,” Check Point added.
The affected Check Point environments include CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
Security Gateway Hotfix
To fix the vulnerable configuration on the affected gateway services, the company has released a “hotfix update.” The update can be accessed at the Security Gateway portal under available software updates.
“Within a few hours of this development, Check Point released an easy-to-implement solution that prevents attempts to exploit this vulnerability,” the company said in the release.
Alternatively, the hotfix is available as a separate download from the security advisory. Check Point has urged customers to apply the fix immediately to prevent unauthorized remote access attempts.
In addition to applying the hotfix, the company has recommended changing the password of the Security Gateway’s account in Active Directory and preventing local accounts from connecting to the VPN with password authentication.
The vendor has also recommended that organizations assess their use of local accounts and disable any that are unnecessary. If local accounts are required, the vendor suggests enhancing their security by implementing an additional layer of authentication, such as certificates, on top of passwords.