Zero-day flaw in Check Point VPNs is ‘extremely easy’ to exploit



Cybersecurity company Check Point says attackers are exploiting a zero-day vulnerability in its enterprise VPN products to break into the corporate networks of its customers. 

The technology maker hasn’t said yet who is responsible for the cyberattacks or how many of its customers are affected by intrusions linked to the vulnerability, which security researchers say is “extremely easy” to exploit.

In a blog post this week, Check Point said the vulnerability in its Quantum network security devices allows for a remote attacker to obtain sensitive credentials from an affected device, which can grant the attackers access to the victim’s wider network. Check Point said attackers began exploiting the bug around April 30. A zero day bug is when a vendor has no time to fix the bug before it is exploited.

The company urged customers to install patches to remediate the flaw.

Check Point has over 100,000 customers, according to its website. A spokesperson for Check Point did not return a request for comment asking how many of its customers are affected by the exploitation.

Check Point is the latest security company in recent months to disclose a security vulnerability in its security products, the very technologies that are designed to protect companies from cyberattacks and digital intrusions.

These network security devices sit on the edge of a company’s network and serve as digital gatekeepers for which users are allowed in, but have a tendency to contain security flaws that can in some cases easily skirt their security defenses and lead to compromise of the customer’s network.

Several other enterprise and security vendors, including Ivanti, ConnectWise, and Palo Alto Networks, have in recent months rushed to fix flaws in their enterprise-grade security products that malicious attackers have exploited to compromise customer networks to steal data. All of the bugs in question are high severity in nature, in large part due to how easy they were to exploit.

In the case of Check Point’s vulnerability, security research firm watchTowr Labs said in its analysis of the vulnerability that the bug was “extremely easy” to exploit once it had been located.

The bug, which watchTowr Labs described as a path-traversal vulnerability, means it’s possible for an attacker to remotely trick an affected Check Point device into returning files that should have been protected and off-limits, such as the passwords for accessing the root-level operating system of the device.

“This is much more powerful than the vendor advisory seems to imply,” said watchTowr Labs researcher Aliz Hammond.

U.S. cybersecurity agency CISA said it added the Check Point vulnerability to its public catalog of known-exploited vulnerabilities. In brief remarks, the government cyber agency said that the vulnerability in question is often used by malicious cyber actors, and that these kinds of flaws pose “significant risks to the federal enterprise.”




Source