Check Point Warns of Zero-Day Vulnerability in Network Security Gateway Products

ICARO Media Group
29/05/2024 19h14

Check Point, an Israeli cybersecurity company, has warned that threat actors have exploited a zero-day vulnerability in its Network Security gateway products. The vulnerability, identified as CVE-2024-24919, affects several products, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances.

According to Check Point, the vulnerability can allow attackers to access specific information on gateways with Remote Access VPN or Mobile Access enabled. The affected versions are: Quantum Security Gateway and CloudGuard Network Security (R81.20, R81.10, R81, R80.40); Quantum Maestro and Quantum Scalable Chassis (R81.20, R81.10, R80.40, R80.30SP, R80.20SP); and Quantum Spark Gateways (R81.10.x, R80.20.x, R77.20.x).

This discovery comes shortly after Check Point disclosed attacks targeting its VPN devices, aimed at infiltrating enterprise networks. By May 24, 2024, the company had identified a small number of login attempts using outdated VPN local accounts that relied on password-only authentication.

Further investigation has revealed that these attacks were facilitated by a new high-severity zero-day vulnerability found in Security Gateways with IPSec VPN, Remote Access VPN, and the Mobile Access software blade. Check Point has not provided detailed information on the nature of the attacks but stated that the observed exploitation attempts primarily focused on old local accounts with password-only authentication against a limited number of customers.

This incident highlights a larger trend of attacks targeting network perimeter applications. In recent years, similar attacks have impacted devices from Barracuda Networks, Cisco, Fortinet, Ivanti, Palo Alto Networks, and VMware. Check Point emphasizes that attackers are increasingly motivated to gain access to organizations via remote-access setups, allowing them to search for vulnerabilities and gain persistence on key enterprise assets.

As the situation unfolds, Check Point urges organizations using the affected products to take immediate action to mitigate the risk posed by this zero-day vulnerability. Regular security updates and adherence to recommended authentication methods are essential to ensuring the safety and integrity of network security systems.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.