Check Point Warns About Threat To ‘Old’ VPN Accounts, Releases Patch

The cybersecurity vendor says that a now-fixed VPN vulnerability has been exploited in attacks.

Check Point has released emergency patches for a VPN vulnerability that the cybersecurity vendor said has been exploited in a small number of attacks.

Initially disclosed by Check Point on Monday, the company released more details Tuesday as well as fixes for the zero-day vulnerability (tracked at CVE-2024-24919) affecting its Security Gateways.

[Related: 5 Things To Know About The Latest Firewall, VPN Attacks]

In its updated advisory Tuesday, Check Point said that “the vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled.”

“The attempts we’ve seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication,” the company said.

A “small number of customers” are known to have been affected so far, Check Point said.

“We’re working with customers who we believe were affected to remediate the situation. Check Point’s network is not affected by this,” the company said.

In a statement provided to CRN, Check Point Chief of Staff Gil Messing said that “while there have only been a few attempts globally, it's enough to recognize a trend and, more importantly, a straightforward way to ensure it’s unsuccessful.”

The attacks are the latest instances that involve threat actors targeting network security devices and remote access services, as a means of breaching customer environments.

Given the prime position of network security products, there’s no question that “they are big targets for attackers of all stripes,” said Caitlin Condon, director of vulnerability research and intelligence at Rapid7, in a previous interview.