CVE affecting Check Point Security Gateway

12:00pm, 30 May 2024

TLP Rating: Clear

The NCSC would like to draw your attention to CVE-2024-24919 affecting Check Point Security Gateway. The NCSC is aware of public reporting of active exploitation, which refers to activity since at least 30 April 2024.

This is a critical zero-day information disclosure vulnerability. CVE-2024-24919 allows an attacker to access sensitive information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.

The NCSC encourages organisations in New Zealand that use the affected product to review the vendor advisory, which provides information on how to apply the hotfix as well as the device versions impacted. The advisory contains a number of extra measures, including resetting LDAP credentials if the Security Gateway is configured to use this. We recommend reviewing all of the extra measures detailed in the vendor advisory.

Vendor advisory CVE-2024-24919

If your organisation has seen or does see evidence of compromise related to CVE-2024-24919, please contact ncscincidents@ncsc.govt.nz.