Cybersecurity company Check Point reports discovering a zero-day bug in its enterprise VPN products that attackers are exploiting to gain illegal access to corporate networks that use these tools. Attackers began exploiting the bug around April 30. It is not yet known who is responsible or how many clients are impacted by the vulnerability, but a fix is now available.
The cybersecurity company said that in the past months it has observed increased interest from malicious groups in leveraging remote-access VPN environments as an entry point and attack vector into enterprises. They mainly focused on remote access, targeting old local accounts with password-only authentication. This authentication method is not recommended, as it does not ensure the highest levels of security.
After witnessing recent compromises of VPN solutions, Check Point started monitoring attempts to gain unauthorized access to its own VPN products. This led to the discovery of a small number of login attempts targeting password-only authentication for old VPN local accounts.
On May 27, 2024, Check Point found the root cause and delivered a solution addressing the attempts the team saw on a small number of customers’ VPN remote access networks. The solution is a fix that needs to be installed on Check Point Network Security gateways to protect customers against VPN information disclosure (CVE-2024-24919).
The discovered vulnerability potentially allows an attacker to read information on Internet-connected gateways that have remote access VPN or mobile access enabled. The attempts focus on the same scenario across the known limited number of customers, and the company says Check Point’s network is not affected by this vulnerability.