CVE-2024-24919: Check Point Security Gateway Information Disclosure Zero-Day Exploited in the Wild
Bhavin Patel
Check Point’s dedicated task force continues investigating attempts to gain unauthorized access to VPN products used by our customers. On May 28, 2024 we discovered a vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade (CVE-2024-24919). Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway. This, in certain scenarios, can potentially lead the attacker to move laterally and gain domain admin privileges.
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture/
https://support.checkpoint.com/results/sk/sk182336
https://support.checkpoint.com/results/download/133115
https://support.checkpoint.com/results/sk/sk182337
The IPS Signature "Check Point VPN Information Disclosure (CVE-2024-24919)" detects and blocks attempts to exploit this CVE. This signature is automatically available in the "Optimized" IPS profile.
To prevent any attempt to exploit this vulnerability, you must protect the vulnerable Remote Access VPN gateway behind a Security Gateway with both IPS and HTTPS Inspection enabled.
Important extra measures
- Change the password of the LDAP Account Unit
- Reset password of local accounts connecting to VPN with password authentication
- Prevent Local Accounts from connecting to VPN with Password Authentication
- Renew the server certificates for the Inbound HTTPS Inspection on the Security Gateway
- Renew the certificate for the Outbound HTTPS Inspection on the Security Gateway
- Reset Gaia OS passwords for all local users
- Regenerate the SSH local user certificate on the Security Gateway in the following case:
- Renew the certificate for the SSH Inspection
Deploy the hotfix for CVE-2024-24919 to address the vulnerability.
Implement one of the additional protection measures if you have remote access users who authenticate to the Security Gateway using only a password:
- Reset passwords for local users.
- Prevent local users from authenticating with VPN.