Check Point has issued a warning regarding a zero-day vulnerability that is currently being exploited in the wild by threat actors. This vulnerability affects the company’s Network Security gateway devices.

Affected products include CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. The issue is being tracked as CVE-2024-24919.

You might be interested in: Cybersecurity Monitoring Service: Your Digital Guardian

According to Check Point’s announcement, “The vulnerability potentially allows an attacker to access specific information on Internet-connected Gateways with remote access VPN or mobile access enabled.”

The hotfixes are available for the following versions:

• Quantum Maestro and Quantum Scalable Chassis versions are R81.20, R81.10, R80.40, R80.30SP, and R80.20SP.
• Versions for Quantum Spark Gateways include R81.10.x, R80.20.x, and R77.20.x.
• The Quantum Security Gateway and CloudGuard Network Security versions affected are R81.20, R81.10, R81, and R80.40.

This new discovery comes just a few days after an Israeli cybersecurity company issued a warning about attacks seeking to access workplace networks through its virtual private network (VPN) equipment.

“By May 24, 2024, we identified a small number of login attempts using old VPN local accounts that relied on an unrecommended password-only authentication method,” as reported by the company earlier this week.

A new zero-day vulnerability with a high severity level has been discovered in Security Gateways featuring IPSec VPN, Remote Access VPN, and the Mobile Access software blade. This vulnerability has now been traced back to its origin.

The nature of the attacks was not elaborated upon by Check Point; however, in the frequently asked questions section, the company mentioned that the exploitation efforts observed thus far have focused on “remote access on old local accounts with unrecommended password-only authentication” targeting a “small number of customers.”

In recent years, similar attacks have been launched against devices manufactured by Barracuda Networks, Cisco, Fortinet, Ivanti, Palo Alto Networks, and VMware. The targeting of virtual private network (VPN) equipment is merely the latest in a series of attacks aimed at applications located at the network perimeter.

“Attackers are motivated to gain access to organizations through remote-access setups so they can attempt to discover relevant enterprise assets and users, searching for vulnerabilities to gain persistence on key enterprise assets,” Check Point stated in its announcement.