CVE-2024-24919: Check Point Security Gateway Information Disclosure Zero-Day Exploited in the Wild

On May 27, Check Point released a blog post with recommendations on security best practices. According to the original post, Check Point has been monitoring exploitation attempts in the wake of several attacks involving compromised VPN solutions from multiple vendors. During this monitoring, Check Point noticed  “a small number of login attempts” that were utilizing local accounts with password-only authentication enabled. Check Point began actively engaging with customers that may have been impacted and released their blog with recommendations on improving VPN security.

On May 28, Check Point updated their blog post with a CVE (CVE-2024-24919) and explanation that the recently observed exploitation attempts were attributed to a previously unknown vulnerability and that immediate action is required to protect from this vulnerability.

CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade. According to the advisory, Check Point has observed in-the-wild exploitation of this vulnerability and so far this exploit activity has been focused on devices configured with local accounts using password-only authentication.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.