What is the Check Point VPN vulnerability?

June 25, 2024 | Victoria Savage

A new vulnerability in Check Point VPN is causing headaches for IT administrators around the world.

In this post we’ll discuss what the new Check Point VPN vulnerability is, how it’s affecting people, and what you can do to protect your organization.

What is the Check Point VPN vulnerability?

On May 27, 2024, Check Point disclosed that it had identified a vulnerability in several of its products that was being actively exploited by malicious actors.

NIST has classified this vulnerability as CVE-2024-24919. The affected products are Check Point VPNs that use IPsec VPN or Mobile Access configurations, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark.

This vulnerability is giving attackers access to information in the security gateways, and allowing them to move laterally within the network. In some cases, attackers have gained admin privileges.

How is the Check Point VPN vulnerability impacting IT departments?

Exploitation attempts using CVE-2024-24919 have been discovered as far back as April 7, 2024, almost two months before Check Point released information publicly about the vulnerability.

Following the announcement of the vulnerability, attacks increased steadily, and by June 5 hundreds of IPs began targeting this vulnerability. Researchers have deemed the exploit relatively simple to find and “easy to exploit”.

Check Point has said that the customers affected were using VPN local accounts with password-only authentication.

What should IT admins do to mitigate the vulnerability?

Check Point has released hotfixes for each of their products impacted by this vulnerability. As of June 3 only 2% of impacted organizations had installed the fix, but as word spreads, more organizations will continue to implement solutions needed to secure their Check Point VPNs from this vulnerability.

Additional steps to protect Check Point VPN

Check Point has also released additional steps to protect your organization from attackers. Their full list includes:

  1. Change the password of the LDAP Account Unit
  2. Reset password of local accounts connecting to Remote Access VPN with password-only authentication
  3. Prevent Local Accounts from connecting to VPN with Password-Only Authentication
  4. Renew the server certificates for the Inbound HTTPS Inspection on the Security Gateway
  5. Renew the certificate for the Outbound HTTPS Inspection on the Security Gateway
  6. Reset Gaia OS passwords for all local users
  7. Regenerate the SSH local user certificate on the Security Gateway
  8. Renew the certificate for the SSH Inspection
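To scope steps 2 and 3 of the list above, the following added example (not Check Point or LoginTC code) audits an account inventory for local Remote Access accounts that rely on password-only authentication. The CSV layout, column names, account names, and the hotfix date are all constructed for illustration and do not correspond to any Check Point export format.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; the columns are hypothetical, not a vendor export format.
SAMPLE_INVENTORY = """\
username,source,auth_methods,password_changed,remote_access
alice,local,password,2024-03-02,yes
bob,local,password,2024-06-10,yes
carol,local,password;certificate,2024-01-15,yes
dave,ldap,password,2023-11-30,yes
erin,local,password,,yes
svc_backup,local,password,2022-08-19,no
"""


def audit_accounts(inventory_csv, hotfix_installed):
    """Return {username: [actions]} for local VPN accounts that use password-only login.

    Assumption: any password set before the gateway received the hotfix is
    treated as exposed, and so is a password with no recorded change date.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["remote_access"].strip().lower() != "yes":
            continue  # account cannot connect to the VPN
        if row["source"].strip().lower() != "local":
            continue  # steps 2 and 3 target local accounts only
        methods = {m.strip().lower() for m in row["auth_methods"].split(";") if m.strip()}
        if methods != {"password"}:
            continue  # a second factor is already required
        actions = ["require a second factor or block VPN login (step 3)"]
        changed = row["password_changed"].strip()
        if not changed or date.fromisoformat(changed) < hotfix_installed:
            actions.insert(0, "reset password (step 2)")
        findings[row["username"]] = actions
    return findings


if __name__ == "__main__":
    # Constructed hotfix installation date for the sample run.
    for user, actions in audit_accounts(SAMPLE_INVENTORY, date(2024, 6, 1)).items():
        print(f"{user}: " + "; ".join(actions))
```
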

Prevent Password-only authentication on Check Point VPNs with LoginTC

One of the key recommendations from Check Point is to upgrade all VPNs that currently use password-only authentication to passwordless or multi-factor authentication. One solution that can add multi-factor authentication to your Check Point VPN is LoginTC.

LoginTC is a comprehensive MFA solution that allows administrators to add a second factor of authentication security across your entire ecosystem.

Instead of implementing MFA on each application and service individually, LoginTC allows your users to leverage one token to login securely everywhere.

Start a free trial today to protect your Check Point VPNs.
