cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kyaw_Myo_Oo
Contributor III

PoC Published for Exploited Check Point VPN Vulnerability

Dear all,

 

Proof-of-concept exploit code for a zero-day arbitrary file read vulnerability in Check Point Security Gateway has been released. Check Point published hotfixes last week to remediate the vulnerability, which affects Security Gateway with IPSec VPN or Mobile Access blades enabled. Check Point’s support page includes a procedure to identify vulnerable gateways. Censys has observed nearly 14,000 Internet-facing devices running the products, but it is not clear how many of these are actually vulnerable. The US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its KEV on May 30. Federal Civilian Executive Branch (FCEB) agencies  have until June 20 to address the vulnerability.

 

https://www.securityweek.com/poc-published-for-exploited-check-point-vpn-vulnerability/?is=2e17210a0...

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP
2 Replies
Gonzales
Viewer

A zero-day arbitrary file read vulnerability in Check Point Security Gateway has been discovered, affecting systems with IPSec VPN or Mobile Access blades enabled. Check Point has released hotfixes to address the issue, and a procedure to identify vulnerable gateways is available on their support page. While NCEdCloud nearly 14,000 Internet-facing devices running the affected products have been observed, it's unclear how many are actually vulnerable. The US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) list on May 30. Federal Civilian Executive Branch (FCEB) agencies have until June 20 to remediate the vulnerability.

dean14367
Viewer

A Proof-of-Concept (PoC) has been recently published showcasing the exploitation of a critical vulnerability in Check Point VPN. This revelation raises concerns over the security of VPN services, which are often relied upon for secure remote access to corporate networks. The PoC underscores the urgency for organizations to promptly apply patches and updates provided by Check Point google stock to mitigate the risk of potential cyberattacks exploiting this vulnerability. Cybersecurity experts emphasize the importance of staying vigilant and proactive in safeguarding network infrastructure against emerging threats in today's increasingly interconnected digital landscape.