PT-2024-3801 · Check Point · Check Point Quantum Maestro+5

Published: 2024-05-26 · Updated: 2026-05-11 · CVE-2024-24919

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

  • Check Point Security Gateways versions R77.20 through R81.20
  • Check Point CloudGuard Network (affected versions not specified)
  • Check Point Quantum Maestro (affected versions not specified)
  • Check Point Quantum Scalable Chassis (affected versions not specified)
  • Check Point Quantum Spark Appliances (affected versions not specified)

Description

The vulnerability allows an attacker to read certain information on Check Point Security Gateways that are connected to the internet and have the Remote Access VPN or Mobile Access Software Blades enabled. This issue has been actively exploited by attackers to read sensitive data such as password hashes, potentially leading to network compromise. The estimated number of potentially affected devices worldwide is over 13,800.

Technical details about exploitation include:
  • API Endpoints: /clients/MyCRL
  • Vulnerable Parameters or Variables: aCSHELL
  • Function Names: Not specified

Recommendations

  • For Check Point Security Gateways versions R77.20 through R81.20: Apply the security fix that mitigates this vulnerability.
  • For Check Point CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, and Quantum Spark Appliances: Restrict access to the VPN and Mobile Access, and install the hotfix.
  • As a temporary workaround, consider disabling the vulnerable aCSHELL parameter in the /clients/MyCRL API endpoint until a patch is available.
  • Check for compromise and update the system with the latest hotfixes.
  • Reset local account passwords and conduct an investigation if exploitation is detected.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-04175
CVE-2024-24919

Affected Products

Check Point Cloudguard Network
Check Point Gaia
Check Point Quantum Maestro
Check Point Quantum Scalable Chassis
Check Point Quantum Spark Appliances
Check Point Security Gateway