Exploitation of Recent Check Point VPN Zero-Day Soars
Posted: Thu Jun 06, 2024 1:22 pm
The exploitation of a recently disclosed zero-day vulnerability in Check Point VPN products has been ramping up fast, threat intelligence company GreyNoise reports.
The issue, tracked as CVE-2024-24919 (CVSS score of 8.6) and disclosed last week, could allow an attacker to access sensitive information on Check Point Security Gateways, or move laterally and obtain domain admin privileges.
Impacting multiple discontinued versions of Check Point’s gateways, the flaw has been exploited in the wild since at least April 7, and proof-of-concept (PoC) code targeting it was released over the weekend.
[...]
Exploitation of Recent Check Point VPN Zero-Day Soars
The issue, tracked as CVE-2024-24919 (CVSS score of 8.6) and disclosed last week, could allow an attacker to access sensitive information on Check Point Security Gateways, or move laterally and obtain domain admin privileges.
Impacting multiple discontinued versions of Check Point’s gateways, the flaw has been exploited in the wild since at least April 7, and proof-of-concept (PoC) code targeting it was released over the weekend.
[...]
Exploitation of Recent Check Point VPN Zero-Day Soars