Check Point Quantum Security Gateways Information Disclosure Attack

Released: May 31, 2024

Updated: Jun 05, 2024


Severity: High

Vendor: Check Point

Attack Type: Information Disclosure


Actively Targeted in the Wild

Attackers are exploiting a zero-day vulnerability in Check Point Security Gateways to gain remote access. The vulnerability can allow attackers to read sensitive information from Check Point Security Gateways that have the Remote Access VPN or Mobile Access Software Blades enabled.

Common Vulnerabilities and Exposures

CVE-2024-24919

Background

The vulnerability CVE-2024-24919 allows an unauthenticated remote attacker to read the contents of an arbitrary file on the affected appliance, including the password hashes of local accounts. Weak passwords can then be cracked, leading to further misuse and potential lateral movement within the network. Check Point stated in its advisory that exploitation attempts were observed as early as April 7, 2024.

Latest Development

Recent news and incidents related to this threat, including data breaches, cyber-attacks, security incidents and newly discovered vulnerabilities.


FortiGuard recommends that users apply the emergency hotfix and follow the instructions in the vendor's advisory. All known IoCs involved in the campaign are blocked by the Web Filtering and IOC services. FortiGuard Labs is continuously monitoring the situation, and this report will be updated as new information becomes available.
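Customers without the FortiGuard IOC service can still sweep their own gateway and DNS logs for the indicators listed on this page. The script below is an added example, not part of the FortiGuard report: it takes a subset of the IP and domain indicators from the IOC list further down, scans a few constructed syslog-style lines, and returns every line that references an indicator. The log format and the helper names (`scan_line`, `scan_lines`, `summarize`) are assumptions for the example; matching is exact for IPs and suffix-based for domains, so a subdomain of `forticloud.online` is flagged even if it is not listed individually.

```python
"""Sweep log lines for IOC IPs and domains (added example, not FortiGuard code)."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Tuple

# Subset of the IP indicators taken from this page's IOC list.
IOC_IPS = {
    "156.146.56.136", "167.99.112.236", "138.68.90.19",
    "193.233.220.100", "45.76.65.42", "146.185.207.10",
}
# Domain indicators taken from this page's IOC list.
IOC_DOMAINS = {"forticloud.online", "fortigate.forticloud.online", "login.forticloud.online"}

# Dotted-quad candidates; validity is checked separately with ipaddress.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostnames whose last label is alphabetic, so IP literals are not re-matched here.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def ip_is_ioc(ip: str) -> bool:
    """Exact match against the IOC IP set; malformed addresses never match."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return False
    return ip in IOC_IPS


def domain_is_ioc(name: str) -> bool:
    """Match the name itself or any subdomain of a listed IOC domain."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


def scan_line(line: str) -> List[Tuple[str, str]]:
    """Return (type, value) pairs for every indicator found in one log line."""
    hits: List[Tuple[str, str]] = []
    for ip in IP_RE.findall(line):
        if ip_is_ioc(ip):
            hits.append(("ip", ip))
    for dom in DOMAIN_RE.findall(line):
        if domain_is_ioc(dom):
            hits.append(("domain", dom.lower()))
    return hits


def scan_lines(lines: List[str]) -> List[Tuple[int, str, List[Tuple[str, str]]]]:
    """Return (line number, line, hits) for every line with at least one hit."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = scan_line(line)
        if hits:
            results.append((number, line, hits))
    return results


def summarize(results) -> Dict[str, int]:
    """Count matched indicators per type (ip / domain) across all hits."""
    counter: Counter = Counter()
    for _, _, hits in results:
        for kind, _ in hits:
            counter[kind] += 1
    return dict(counter)


# Constructed sample log lines for the example; not real gateway output.
SAMPLE_LOG = [
    "2024-05-30T10:12:01Z gw1 vpnd: connection from 156.146.56.136 to port 443",
    "2024-05-30T10:12:05Z gw1 vpnd: connection from 10.0.0.5 to port 443",
    "2024-05-30T10:13:10Z gw1 dns: query login.forticloud.online from 10.0.0.7",
    "2024-05-30T10:14:00Z gw1 vpnd: connection from 193.233.220.100 user=svc_backup",
]

if __name__ == "__main__":
    found = scan_lines(SAMPLE_LOG)
    for number, line, hits in found:
        print(f"line {number}: {hits}")
    print("summary:", summarize(found))
```

Run against real logs, replace `SAMPLE_LOG` with the lines read from the gateway or DNS server and extend `IOC_IPS` with the full list from the page; the 146.185.207.x entries in that list appear to be a whole /24, but only the addresses the page shows are used here.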

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure
  • Decoy VM
  • IPS
  • Web App Security
  • IoT/IIoT Virtual Patch

DETECT
  • IOC
  • Outbreak Detection
  • Threat Hunting
  • Playbook

RESPOND
  • Automated Response
  • Assisted Response Services

RECOVER
  • NOC/SOC Training
  • End-User Training

IDENTIFY
  • Attack Surface Hardening
  • Business Reputation
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of Compromise

IOC Indicator List

Indicator | Type | Status
156.146.56.136 ip Active
167.99.112.236 ip Active
138.68.90.19 ip Active
forticloud.online domain Active
fortigate.forticloud.online domain Active
login.forticloud.online domain Active
193.233.220.100 ip Active
193.233.220.109 ip Active
193.233.220.113 ip Active
193.233.220.139 ip Active
193.233.220.208 ip Active
193.233.220.224 ip Active
45.76.65.42 ip Active
146.70.205.62 ip Active
23.227.196.88 ip Active
203.160.68.12 ip Active
23.227.203.36 ip Active
87.120.8.173 ip Active
104.207.149.95 ip Active
109.134.69.241 ip Active
38.180.54.104 ip Active
38.180.54.168 ip Active
46.183.221.197 ip Active
46.59.10.72 ip Active
64.176.196.84 ip Active
87.206.110.89 ip Active
167.61.244.201 ip Active
178.236.234.123 ip Active
103.61.139.226 ip Active
112.163.100.151 ip Active
132.147.86.201 ip Active
146.185.207.0 ip Active
146.185.207.1 ip Active
146.185.207.10 ip Active
146.185.207.100 ip Active
146.185.207.101 ip Active
146.185.207.102 ip Active
146.185.207.103 ip Active
146.185.207.104 ip Active
146.185.207.105 ip Active
146.185.207.106 ip Active
146.185.207.107 ip Active
146.185.207.108 ip Active
146.185.207.109 ip Active
146.185.207.11 ip Active
146.185.207.110 ip Active
146.185.207.111 ip Active
146.185.207.112 ip Active
146.185.207.113 ip Active
146.185.207.114 ip Active
146.185.207.115 ip Active
146.185.207.116 ip Active
146.185.207.117 ip Active
146.185.207.118 ip Active
146.185.207.119 ip Active
146.185.207.12 ip Active
146.185.207.120 ip Active
146.185.207.121 ip Active
146.185.207.122 ip Active
146.185.207.123 ip Active
146.185.207.124 ip Active
146.185.207.125 ip Active
146.185.207.126 ip Active
146.185.207.127 ip Active
146.185.207.128 ip Active
146.185.207.129 ip Active
146.185.207.13 ip Active
146.185.207.130 ip Active
146.185.207.131 ip Active
146.185.207.132 ip Active
146.185.207.133 ip Active
146.185.207.134 ip Active
146.185.207.135 ip Active
146.185.207.136 ip Active
146.185.207.137 ip Active
146.185.207.138 ip Active
146.185.207.139 ip Active
146.185.207.14 ip Active
146.185.207.140 ip Active
146.185.207.141 ip Active
146.185.207.142 ip Active
146.185.207.143 ip Active
146.185.207.144 ip Active
146.185.207.145 ip Active
146.185.207.146 ip Active
146.185.207.147 ip Active
146.185.207.148 ip Active
146.185.207.149 ip Active
146.185.207.15 ip Active
146.185.207.150 ip Active
146.185.207.151 ip Active
146.185.207.152 ip Active
146.185.207.153 ip Active
146.185.207.154 ip Active
146.185.207.155 ip Active
146.185.207.156 ip Active
146.185.207.157 ip Active
146.185.207.158 ip Active
146.185.207.159 ip Active
146.185.207.16 ip Active
IOC Threat Activity (last 30 days): average 0