Indian cyber security agency warns users about a bug in Checkpoint gateway products

The Indian Computer Emergency Response Team (CERT-In) has issued a cautionary alert regarding a vulnerability found in Checkpoint Network Security gateway products, posing a risk of compromising users’ data.

As per the advisory from the national cyber-security agency, attackers could exploit this vulnerability to gain access to specific information on “internet-connected gateways configured with IPSec VPN, remote access VPN, or mobile access software blades.”In certain scenarios, the agency has warned, such exploitation could potentially enable attackers to move laterally and acquire domain admin privileges.

The vulnerability stems from the utilization of an unrecommended password-only authentication method in Checkpoint Network Security gateway products. CERT-In has highlighted that the vulnerability (CVE-2024-24919) is currently being exploited in real-world situations, urging users to promptly implement fixes provided by the company.

Checkpoint has acknowledged the vulnerability and released a fix for it. “Following our security update, Check Point’s dedicated task force continues investigating attempts to gain unauthorized access to VPN products used by our customers,” stated the company in its security update.

The company further emphasized, “Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway.

Under the Ministry of Electronics & Information Technology, CERT-In had previously alerted users about vulnerabilities in Google Chrome and Siemens products, which could allow attackers to execute arbitrary code on targeted systems.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Sign Up for CXO Digital Pulse Newsletters

Sign Up for CXO Digital Pulse Newsletters to Download the Research Report

Sign Up for CXO Digital Pulse Newsletters to Download the Coffee Table Book

Sign Up for CXO Digital Pulse Newsletters to Download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report

Unlock Exclusive Insights: Access the article