0-Day Vulnerability Found in Check Point Gateways

Recently a serious vulnerability in the device “CloudGuard Network Security” from Check Point has been discovered. This vulnerability, identified as CVE-2024-24919, is considered highly prioritized due to its potential impact. The vulnerability allows unauthorized attackers to access confidential information on gateways connected to the Internet via remote access through VPN or mobile access.

Check Point has confirmed that this vulnerability is actively being exploited by attackers. The bug enables them to read various data from devices, including configuration files and hashed passwords, posing a significant security threat.

Safety researchers from Watchtowr Labs conducted an analysis on the vulnerability using the method of initial and updated code (Patch-Diffting). The analysis revealed that the vulnerability is associated with “Path Traversal” attacks, allowing attackers to bypass file path checks on the server and access files outside the permissible directory.

Researchers discovered that attackers could exploit the vulnerability by sending a specially crafted request to the server. By doing so, they could gain access to sensitive files such as the /etc/Shadow file, which stores hashed passwords of system users, potentially granting them access to any file on the device.

What can an attacker do?

Attackers can exploit the vulnerability to retrieve confidential information from Check Point devices, including critically important files like the Shadow Password File. This could potentially lead to a complete compromise of the system, posing a severe threat to security.

The reaction of Check Point

Check Point has released an urgent patch to address and eliminate this vulnerability. In addition to applying the patch, they recommend users to implement additional security measures such as using IPS and SSL inspectors on border gateways to protect vulnerable devices.

Conclusion

The CVE-2024-24919 vulnerability poses a significant threat to the security of Check Point devices. Administrators are strongly advised to promptly install the available updates and implement additional protective measures to safeguard their systems.

Check Point has acknowledged the issue and provided necessary updates for its products. It is crucial for users to heed the company’s advice and install patches promptly to secure their networks against potential attacks.

/Reports, release notes, official announcements.