Check Point has issued a warning regarding a critical zero-day vulnerability known as CVE-2024-24919. The vulnerability has a CVSS score of 7.5 and is being actively exploited by threat actors in the wild. This can potentially allow attackers to read certain information on Internet-connected gateways with remote access VPN or mobile access enabled. Review this Cybersecurity Threat Advisory to secure your environment against this threat.
What is the threat?
The vulnerability allows unauthenticated remote attackers to read the contents of arbitrary files on the affected appliances. This includes sensitive files such as the /etc/shadow file, which contains password hashes for local accounts. By exploiting this flaw, attackers can extract these password hashes, potentially crack them, and use the cracked passwords to authenticate and gain unauthorized access to the network.
Why is it noteworthy?
The threat is noteworthy due to its high severity and ease of exploitation. This critical flaw affects a broad range of products, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. The vulnerability is being actively exploited in the wild, enabling attackers to read arbitrary files on compromised devices without requiring any user interaction or privileges. This has led to real-world attacks where sensitive information, such as password hashes, is extracted, allowing lateral movement within networks. The significant risk posed to organizations necessitates immediate patching and enhanced security measures to prevent unauthorized access and data breaches.
What is the exposure or risk?
It allows attackers to access sensitive information remotely without requiring user interaction or privileges. The risk includes unauthorized access to sensitive data, potential compromise of Active Directory credentials, and the possibility of further network infiltration and data exfiltration.
What are the recommendations?
Barracuda MSP recommends the following actions to secure your environment against this threat:
- Apply hotfixes for affected products immediately to mitigate the vulnerability.
- Examine your environments for any signs of compromise, such as unusual activity or unauthorized access attempts.
- Reset the credentials of local accounts, particularly those used for remote access or administrative purposes.
- Disable unused local accounts to reduce the attack surface and minimize the risk of exploitation.
- Implement certificate-based authentication.
- Enhance overall security measures, including network segmentation, access controls, and monitoring for suspicious activity.
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.helpnetsecurity.com/2024/05/31/cve-2024-24919/
- https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.
