Check Point sends out security reminder to fix unauthorized access to VPNs
Cybersecurity firm Check Point urges customers to install a bug fix for a vulnerability in its own VPN solution that’s been actively exploited by hackers.
Threat actors use the vulnerability, also known as CVE-2024-24919, to gain unauthorized access to Check Point Security Gateways. Once they get in, hackers can try to discover relevant enterprise assets and users, gain deeper access into the company’s network (privilege escalation), and steal confidential corporate or private information.
The vulnerability is known for some time. Check Point warned customers for the exploit last week, recommending them to improve their VPN security. In the meantime, the cybersecurity company generated a fix which ensures attempts to gain unauthorized access to VPNs are prevented.
Check Point says that its task force has been working around the clock to create more technical tools to ensure the security of our customers.
“In this context, as another preventative measure, we automatically updated security gateways (which are registered to our Security Auto Update service) with an update which helps them protect their environments from various attempts to exploit the CVE. This is an interim measure until the fix is installed,” the company discloses.
In order to fully address the vulnerability, customers are required to install the fix. Otherwise they leave their business networks open for unwanted guests. Check Point therefore advises their customers to install the bug fix as soon as possible. Allegedly, thousands of organizations have already done that.
“We value your collaboration in installing the fix, and the cooperation enabling us to better understand the situation and to provide you, in real time, with the tools and solutions needed to prevent future attacks,” Check Point concludes its press release on the matter.
Your email address will not be published. Required fields are marked