DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software

Our reference DIVD-2024-00021
Case lead Alwin Warringa
Researcher(s)
CVE(s)
  • CVE-2024-24919
Products
  • Check Point Security Gateway
Versions
  • Security Gateways of all versions with the IPsec VPN, Remote Access or Mobile Access software blades are vulnerable.
Recommendation Apply the released hotfix as soon as possible
Patch status Released
Status Closed
Last modified 07 Aug 2024 13:51 CEST

Summary

The Check Point Research Division discovered a vulnerability in Security Gateways with IPsec VPN, Remote Access VPN or the Mobile Access blade enabled (CVE-2024-24919). The vulnerability potentially allows an attacker to access information on Gateways connected to the Internet with Remote Access VPN or Mobile Access enabled. Security Gateways of all versions with the IPsec VPN, Remote Access or Mobile Access software blades are vulnerable.

Recommendations

Check Point released hotfixes that address this vulnerability; see https://support.checkpoint.com/results/sk/sk182336 for more information. Install this hotfix as soon as possible.

What we are doing

DIVD is currently working to identify parties that are running a version of Check Point Security Gateway that contains this vulnerability and to notify these parties. We do this by finding Check Point Security Gateways that are connected to the Internet and verifying the existence of the vulnerability.

Timeline

Date Description
30 May 2024 DIVD starts researching the vulnerability.
30 May 2024 DIVD finds fingerprint, preparing to scan.
31 May 2024 DIVD starts scanning the internet for vulnerable instances.
31 May 2024 DIVD starts notifying network owners with a vulnerable instance in their network.
20 Jun 2024 DIVD rescans the internet for vulnerable instances
20 Jun 2024 DIVD starts notifying network owners with a vulnerable instance for the second time
16 Jul 2024 DIVD rescans the internet for vulnerable instances
16 Jul 2024 DIVD starts notifying network owners with a vulnerable instance for the third time
16 Jul 2024 Case closed

More information