CVE-2024-24919 is an information disclosure vulnerability that affects Check Point Security Gateways that are connected to the internet and have the Remote Access VPN or Mobile Access Software Blades enabled. The issue can allow an attacker to read certain sensitive information, which may lead to further attacks on the network. Check Point Software Technologies has released a security fix that mitigates this vulnerability, and affected users are highly recommended to apply this patch as soon as possible.

CVE-2024-24919 Details

The vulnerability exists due to insufficient access controls when processing API requests on the affected Check Point Security Gateways. An attacker who can send specially crafted API requests to the vulnerable system can exploit this flaw to read certain sensitive information. This information could potentially be used to launch attacks on the network and compromise additional systems.

Here's a code snippet showing the format of the malicious API request:

GET /api/v1./information/details?apiKey={attacker_key} HTTP/1.1
Host: vulnerable.gateway.com

Once the attacker sends the malicious request, they can potentially receive detailed information about the targeted security gateway, such as IP addresses, VPN configuration, and firewall rules, among other sensitive data.
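For defenders, the following added example (not part of the original page or of any Check Point tooling) scans web access logs for requests matching the request format shown above and reports which source addresses received a successful response. The combined log layout, the function names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Path taken from the request format shown on this page; adjust to your advisory data.
SUSPECT_PATH = "/api/v1./information/details"

# Common/combined access-log layout (an assumption about the log source).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_suspect_requests(lines):
    """Return {source_ip: [(timestamp, status, has_api_key), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        parts = urlsplit(m["target"])
        # Normalise before comparing: decode percent-encoding once, ignore case
        # and a trailing slash, so differently written forms of the path are caught.
        path = unquote(parts.path).rstrip("/").lower()
        if path != SUSPECT_PATH:
            continue
        has_key = "apikey=" in parts.query.lower()
        hits[m["ip"]].append((m["ts"], int(m["status"]), has_key))
    return dict(hits)

def served_ok(hits):
    """Source IPs that got at least one 2xx response, i.e. data may have been returned."""
    return sorted(ip for ip, evs in hits.items() if any(200 <= s < 300 for _, s, _ in evs))

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/May/2024:10:01:02 +0000] "GET /api/v1./information/details?apiKey=abc HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/May/2024:10:01:09 +0000] "GET /api/v1%2E/information/details?apiKey=abc HTTP/1.1" 403 210',
    '203.0.113.20 - - [29/May/2024:10:02:00 +0000] "GET /api/v1/status HTTP/1.1" 200 88',
    '203.0.113.44 - - [29/May/2024:10:03:30 +0000] "GET /API/v1./information/details/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    found = find_suspect_requests(SAMPLE_LOG)
    for ip, events in found.items():
        print(ip, events)
    print("received 2xx:", served_ok(found))
```

Source addresses returned by `served_ok` are the ones to prioritise during triage, since a 2xx status means the gateway answered the request rather than rejecting it.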

Impact

If successfully exploited, an attacker could potentially take advantage of the disclosed information to:

1. Launch further attacks on the network.
2. Compromise additional systems by exploiting other vulnerabilities that may be present in the disclosed information.
3. Conduct targeted phishing attacks by gathering intelligence about the affected organization and its network infrastructure.

Affected Versions

All versions of Check Point Security Gateway with the Remote Access VPN or Mobile Access Software Blades enabled are affected by this vulnerability.

Original References and Exploit Details

Check Point Software Technologies published a security advisory concerning this vulnerability, which can be found here:

CVE-2024-24919 Check Point Security Advisory

Furthermore, the details of the CVE-2024-24919 vulnerability can be found at the following National Vulnerability Database (NVD) link:

NVD - CVE-2024-24919

Security Fix

A security fix is available to mitigate this vulnerability. Those affected by CVE-2024-24919 are urged to implement the patch provided by Check Point Software Technologies as soon as possible. The patch can be downloaded from the Check Point Support Center:

Check Point Security Fix Download

To prevent similar vulnerabilities, it is also important to implement strong access controls, regularly audit the security of your Check Point Security Gateways, and keep all software up to date.

Conclusion

CVE-2024-24919 is a critical information disclosure vulnerability affecting Check Point Security Gateways with the Remote Access VPN or Mobile Access Software Blades enabled. Affected users are strongly recommended to apply the provided security fix as soon as possible to protect their systems and networks from potential attacks. Staying proactive in maintaining strong access controls and keeping all software updated will help further safeguard against such vulnerabilities in the future.

Timeline

Published on: 05/28/2024 19:15:10 UTC
Last modified on: 05/31/2024 16:04:09 UTC