
How to find Check Point devices

The latest vulnerabilities in Check Point software

On May 28, 2024, Check Point disclosed a serious security vulnerability in Check Point Security Gateway devices that have certain remote access software blades (Check Point's feature modules) enabled. According to their advisory, a device is affected if either of the following conditions holds:

  • The IPsec VPN Blade is enabled, but ONLY if it is part of the remote access VPN community.
  • The Mobile Access Blade software module is enabled.

The issue, identified as CVE-2024-24919, allows unauthenticated remote attackers to read arbitrary files on a target device. It can be exploited to read sensitive files such as those containing password hashes, certificates, and SSH keys.

This vulnerability has a CVSS score of 8.6 out of 10, which places it in the High severity range. According to Check Point's disclosure and to information provided by CISA, the vulnerability is being actively exploited. A report by mnemonic.io shows that attacks have been observed since at least April 30, 2024.

What is the impact?

If this vulnerability is successfully exploited, unauthenticated remote attackers could obtain local user password hashes. If the hashes are compromised, an attacker can log into those user accounts unless additional controls such as MFA are enforced. This includes service accounts that can be used to access Active Directory or other services, and attackers can use that access to move laterally through the target's network.

Are there updates or workarounds available?

Check Point has released a software update to address this vulnerability. They also provide guidance on additional measures that should be taken once the vulnerability is remediated; these can be found in their advisory.

How to find potentially vulnerable Check Point devices with runZero?

In the Resource Inventory, use the following query to locate resources on your network that may be affected by this vulnerability:

hardware:"Check Point" AND (_service.last.http.body:"Check Point Mobile" OR _service.http.body:"Check Point Mobile" OR udp_port:500)
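As an added example (not runZero's code or part of the original post), the following Python applies the same match logic to an inventory export and records which of the two affected configurations from the advisory each hit points to; the record layout (a hardware string plus a list of services with port, protocol and HTTP body) is an assumption, and the sample inventory is constructed.

```python
"""Triage an asset inventory export for Check Point gateways that match the
runZero query above. Added example; the record layout is assumed, not runZero's."""
from dataclasses import dataclass, field

IKE_UDP_PORT = 500                           # udp_port:500 in the query: IKE, used by the IPsec VPN blade
MOBILE_ACCESS_MARKER = "Check Point Mobile"  # string the query looks for in the HTTP body


@dataclass
class Service:
    port: int
    proto: str            # "tcp" or "udp"
    http_body: str = ""   # body of the HTTP response, if the service speaks HTTP


@dataclass
class Asset:
    name: str
    hardware: str
    services: list = field(default_factory=list)


def match_reasons(asset):
    """Return the indicators that make this asset a candidate, mirroring the query:
    hardware:"Check Point" AND (http body contains "Check Point Mobile" OR udp_port:500).
    An empty list means the asset does not match."""
    if "check point" not in asset.hardware.lower():
        return []
    reasons = []
    for svc in asset.services:
        if MOBILE_ACCESS_MARKER.lower() in svc.http_body.lower():
            reasons.append(f"Mobile Access portal on {svc.proto}/{svc.port}")
        elif svc.proto == "udp" and svc.port == IKE_UDP_PORT:
            # IKE alone only shows the IPsec VPN blade; the advisory requires it to be
            # part of the remote access VPN community, which must be confirmed on the device.
            reasons.append("IKE on udp/500 (IPsec VPN blade; confirm remote access VPN community)")
    return reasons


def triage(assets):
    """Map asset name -> list of reasons, for every asset matching the query."""
    return {a.name: r for a in assets if (r := match_reasons(a))}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_ASSETS = [
    Asset("fw-edge-1", "Check Point 5800", [Service(443, "tcp", "<title>Check Point Mobile</title>"), Service(500, "udp")]),
    Asset("fw-edge-2", "Check Point 3200", [Service(500, "udp")]),
    Asset("fw-mgmt", "Check Point Smart-1", [Service(443, "tcp", "<title>Gaia Portal</title>")]),
    Asset("vpn-other", "Fortinet FortiGate", [Service(500, "udp"), Service(443, "tcp", "Check Point Mobile")]),
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ASSETS).items():
        print(name, "->", "; ".join(reasons))
```

Hits are candidates only: the query is deliberately broad, so each flagged gateway still needs its enabled blades and VPN community checked against the advisory before it is treated as affected.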

*** This is a Security Bloggers Network syndicated blog from runZero Blog written by Tom Sellers. Read the original post at: https://www.runzero.com/blog/check-point-gateway-devices/