Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024061308060707 | Publication Time | 2024/06/13 08:31 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/06/13 12:26 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerability in Check Point VPN Gateway (CVE-2024-24919) - Immediate Action Required! |
|||
[Content]
Forwarded from the National Institute of Cyber Security, NISAC-200-202406-00000076.
Researchers have identified a path traversal vulnerability (CVE-2024-24919) in Check Point VPN Gateway. This vulnerability allows unauthenticated remote attackers to send crafted requests to access arbitrary system files. This vulnerability has already been exploited by attackers. Immediate verification and patching are required.
Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform]
Affected Products:
● CloudGuard Network
● Quantum Maestro
● Quantum Scalable Chassis
● Quantum Security Gateways
● Quantum Spark Appliances
Affected Versions:
● R77.20 (EOL)
● R77.30 (EOL)
● R80.10 (EOL)
● R80.20 (EOL)
● R80.20.x
● R80.20SP (EOL)
● R80.30 (EOL)
● R80.30SP (EOL)
● R80.40 (EOL)
● R81
● R81.10
● R81.10.x
● R81.20 |
|||
[Recommended Actions] The official patch for this vulnerability has been released. Please refer to the official guidelines for patching: https://support.checkpoint.com/results/sk/sk182336 |
|||
[Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2024-24919
2. https://support.checkpoint.com/results/sk/sk182336
3. https://www.truesec.com/hub/blog/check-point-ssl-vpn-cve-2024-24919-from-an-incident-response-perspective
4. https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919 |