A high-severity information disclosure vulnerability in Check Point Security Gateways is being actively exploited. Here's what to do now.
CVE-2024-24919 is a high-severity information disclosure vulnerability in Check Point Security Gateways. It is being actively exploited in the wild and poses significant risk to organizations using Check Point products.
What It Affects
The flaw impacts Check Point Security Gateways with the Remote Access VPN or Mobile Access blade enabled. An unauthenticated attacker can read sensitive information from the gateway, including credentials and configuration data that enable further compromise.
Immediate Actions
- Immediately apply the Check Point hotfix released for affected versions.
- Rotate any local accounts on the gateway and any credentials that may have been exposed.
- Review authentication logs for anomalous local-account activity.
- Where possible, disable Mobile Access or Remote Access VPN until patched.
Indicators of Compromise
Hunt for unexpected reads of sensitive files on the gateway, password-spray patterns against VPN portals from new IPs, and successful logins to local accounts that should not be in use. Maverc customers have hunt packages deployed; contact your account team for the latest IOC list.
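As an added illustration (not part of the original advisory and not a Maverc hunt package), the sketch below applies two of the hunts described above, password spray from new IPs and logins to local accounts that should not be in use, to VPN authentication events. The five-column event layout, the `KNOWN_IPS` baseline, the `DORMANT_LOCAL` list and all sample values are assumptions constructed for the example; they are not a Check Point log format.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: time, src_ip, user, auth_type, result.
# Assumed normalized layout; map your own gateway/SIEM export to these columns.
SAMPLE = """\
2024-05-30T08:00:05,198.51.100.23,alice,directory,success
2024-05-30T09:10:00,203.0.113.50,admin,local,failure
2024-05-30T09:10:20,203.0.113.50,vpnuser,local,failure
2024-05-30T09:10:41,203.0.113.50,backup,local,failure
2024-05-30T09:11:02,203.0.113.50,svc_vpn,local,failure
2024-05-30T09:11:30,203.0.113.50,test,local,failure
2024-05-30T09:40:00,203.0.113.77,svc_vpn,local,success
2024-05-30T10:00:00,198.51.100.23,alice,directory,failure
"""
KNOWN_IPS = {"198.51.100.23"}        # assumed baseline of previously seen sources
DORMANT_LOCAL = {"svc_vpn", "test"}  # assumed local accounts that should not be in use

def parse(text):
    cols = ("time", "src_ip", "user", "auth_type", "result")
    for row in csv.DictReader(io.StringIO(text), fieldnames=cols):
        row["time"] = datetime.fromisoformat(row["time"])
        yield row

def hunt(events, min_users=5, window=timedelta(minutes=10)):
    findings, failures, sprayers = [], defaultdict(list), set()
    for e in sorted(events, key=lambda ev: ev["time"]):
        ip, user = e["src_ip"], e["user"]
        if e["result"] == "success":
            # Any successful login to a local account on the dormant list is a finding.
            if e["auth_type"] == "local" and user in DORMANT_LOCAL:
                findings.append(("dormant_local_login", ip, user))
            continue
        if ip in KNOWN_IPS:
            continue  # failures from baseline sources are out of scope for this hunt
        # Spray: one new source failing against many distinct users within the window.
        recent = [f for f in failures[ip] if e["time"] - f[0] <= window]
        recent.append((e["time"], user))
        failures[ip] = recent
        distinct = {u for _, u in recent}
        if len(distinct) >= min_users and ip not in sprayers:
            sprayers.add(ip)
            findings.append(("password_spray", ip, len(distinct)))
    return findings

if __name__ == "__main__":
    for finding in hunt(parse(SAMPLE)):
        print(finding)
```

Tune `min_users` and `window` to your portal's normal failure rate, and rebuild the known-IP baseline from a period before the exploitation window.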



