kcheung, Staff
Article Id 320136
Description

Check Point Security Gateways have an information disclosure vulnerability that allows an unauthenticated threat actor to read the contents of files located on the affected appliance.

A threat actor could abuse CVE-2024-24919 to read password hashes for local accounts on the appliance. Accounts with weak passwords can then be compromised, leading to further exploitation and potential lateral movement.

CVE ID

CVE-2024-24919 (https://nvd.nist.gov/vuln/detail/CVE-2024-24919)

NDR Cloud Detection Rule

FortiNDR Cloud v2024.5+

Detection Rule Name: FortiGuard Outbreak Alert: Check Point Quantum Security Gateways Information Disclosure

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook N/A
Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Check Point Quantum Security Gateways Information Disclosure Attack” related activity.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=Check%20Point%20Information%20Disclosure

Suricata Coverage

Customers can create custom investigations/detections using the Suricata signature below.
2053031 → ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919)
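As an added example (not part of this article or of FortiNDR Cloud), the following script triages Suricata EVE JSON alerts for the signature listed above: it keeps alert records whose SID is 2053031, summarises them per source address with first/last seen and targeted host:port, and tags each summary with the article's MITRE technique. The EVE records are constructed samples; field names follow Suricata's EVE alert schema.

```python
import json

# Suricata SID from the article's Suricata Coverage section.
CVE_2024_24919_SIDS = {2053031}
# Primary MITRE ID from the article: Exploit Public-Facing Application.
MITRE_ID = "T1190"

# Constructed sample eve.json lines: two hits from one source, one from
# another, one unrelated alert, and one non-alert flow record.
SAMPLE_EVE = """\
{"timestamp":"2024-05-30T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"192.0.2.5","dest_port":443,"alert":{"signature_id":2053031,"signature":"ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919)","severity":1}}
{"timestamp":"2024-05-30T10:00:07.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"192.0.2.5","dest_port":443,"alert":{"signature_id":2053031,"signature":"ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919)","severity":1}}
{"timestamp":"2024-05-30T10:02:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.5","dest_port":443,"alert":{"signature_id":2053031,"signature":"ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919)","severity":1}}
{"timestamp":"2024-05-30T10:03:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.5","dest_port":443,"alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":2}}
{"timestamp":"2024-05-30T10:04:00.000000+0000","event_type":"flow","src_ip":"203.0.113.10","dest_ip":"192.0.2.5","dest_port":443}
"""


def summarize_cve_24919_alerts(eve_lines):
    """Return {src_ip: {count, first_seen, last_seen, targets, mitre}} for
    alert records whose SID is in CVE_2024_24919_SIDS. Blank or malformed
    lines and non-alert event types are skipped."""
    hits = {}
    for line in eve_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated/partial lines in a live eve.json
        if rec.get("event_type") != "alert":
            continue
        if rec.get("alert", {}).get("signature_id") not in CVE_2024_24919_SIDS:
            continue
        ts = rec.get("timestamp", "")
        entry = hits.setdefault(rec.get("src_ip", "?"), {
            "count": 0, "first_seen": ts, "last_seen": ts,
            "targets": set(), "mitre": MITRE_ID})
        entry["count"] += 1
        # Timestamps share one format and offset, so string order is time order.
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["targets"].add(f'{rec.get("dest_ip")}:{rec.get("dest_port")}')
    return hits


if __name__ == "__main__":
    for src, e in summarize_cve_24919_alerts(SAMPLE_EVE).items():
        print(f'{src}: {e["count"]} hit(s) {e["first_seen"]} .. {e["last_seen"]} '
              f'-> {sorted(e["targets"])} [{e["mitre"]}]')
```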

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to
https://www.fortiguard.com/outbreak-alert/check-point-information-disclosure
