DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software
| Our reference | DIVD-2024-00021 |
| Case lead | Alwin Warringa |
| Researcher(s) |
|
| CVE(s) | |
| Products |
|
| Versions |
|
| Recommendation | Apply released hot fix as soon as possible |
| Patch status | Released |
| Status | Closed |
| Last modified | 07 Aug 2024 13:51 CEST |
Summary
The Check Point Research Division discovered a vulnerability in Security Gateways with IPsec VPN, Remote Access VPN or the Mobile Access blade enabled (CVE-2024-24919). The vulnerability potentially allows an attacker to access information on Gateways connected to the Internet with Remote Access VPN or Mobile Access enabled. Security Gateways of all versions with the IPsec VPN, Remote Access or Mobile Access software blades are vulnerable.
Recommendations
Check Point released hotfixes that address this vulnerability, see https://support.checkpoint.com/results/sk/sk182336 for more information. Install this hotfix as soon as possible.
What we are doing
DIVD is currently working to identify parties that are running a version of Check Point Security Gateway that contains this vulnerability and notify these parties. We do this by finding Checkpoint Security Gateways that are connected to the Internet and verifying the existence of the vulnerability.
Timeline
| Date | Description |
|---|---|
| 30 May 2024 | DIVD starts researching the vulnerability. |
| 30 May 2024 | DIVD finds fingerprint, preparing to scan. |
| 31 May 2024 | DIVD starts scanning the internet for vulnerable instances. |
| 31 May 2024 | DIVD starts notifying network owners with a vulnerable instance in their network. |
| 20 Jun 2024 | DIVD rescans the internet for vulnerable instances |
| 20 Jun 2024 | DIVD starts notifying network owners with a vulnerable instance for the second time |
| 16 Jul 2024 | DIVD rescans the internet for vulnerable instances |
| 16 Jul 2024 | DIVD starts notifying network owners with a vulnerable instance for the third time |
| 16 Jul 2024 | Case closed |