Vulnerability Discovered in Check Points' Quantum Security Gateway Device: Alert Issued by ACSC

Vulnerability Discovered in Check Points' Quantum Security Gateway Device: Alert Issued by ACSC

A critical security vulnerability has been discovered in Check Point's Quantum Security Gateway devices, affecting Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade. This vulnerability, identified as CVE-2024-24919, poses a significant threat as it could potentially allow unauthorised access to sensitive information on the Security Gateway.

The Australian Cyber Security Centre (ACSC) is actively tracking this vulnerability and has advised Australian organisations to review their networks for the use of vulnerable instances. The ACSC strongly recommends that affected organisations patch this vulnerability as a matter of high priority.

Check Point is currently investigating attempts to gain unauthorised access to VPN products used by its customers. In certain scenarios, an attacker could exploit this vulnerability to move laterally and gain domain admin privileges.

Fortunately, Check Point has released a preventative hotfix for CVE-2024-24919. This hotfix was made available as part of their R81.20 Jumbo Hotfix Accumulator updates. The hotfix addresses an information disclosure issue, as referenced in Check Point's documentation under sk182336.

It is essential for organisations using Check Point's Quantum Security Gateway devices to apply this hotfix promptly to mitigate the risk of potential attacks. Stay vigilant and keep your systems updated to ensure the security of your sensitive information.

Read also:

• Mural at blast site in CDMX commemorates Alicia Matías, sacrificing life for granddaughter's safety
• Microsoft's Patch Tuesday essential fixes: 12 critical vulnerabilities alongside a Remote Code Execution flaw in SharePoint
• British intelligence agency MI6 establishes a covert dark web platform named 'Silent Courier' in Istanbul for the purpose of identifying and enlisting secret agents.
• Russia intends to manufacture approximately 79,000 Shahed drones by the year 2025, according to Ukraine's intelligence.