CVE-2024-24919 is a critical information disclosure vulnerability in Check Point Security Gateways which have remote access VPN or mobile access software enabled.

The vulnerability results from a path traversal weakness in client-supplied arguments supplied in web requests to the vulnerable appliance.

The impact of this vulnerability means that critically sensitive information can be accessed by an attacker. This includes local account credentials in hashed format and may include LDAP connection credentials which presents a lasting security risk if not addressed.

Checkpoint has released emergency patches for affected products, which should be applied immediately. Please check the vendor's resources for patches relevant to your Checkpoint device.

Initial investigations find that exploitation of this vulnerability has occurred since April. Integrity360 recommends that the following actions are taken to prevent impact:

1. Appliance patching
2. Local account password rotation
3. LDAP Connector credential reset
4. Review of anomalous appliance traffic to internal infrastructure such as Domain Controllers

Integrity360 Managed Services teams are proactively reviewing all Managed Service customers and will patch any vulnerable appliances and the Integrity360 Incident Response team is running targeted threat hunts in order to assess if any customer's appliances have been affected. Please reach out to your account manager if you are concerned about the risk posed by this vulnerability.