Indian Cyber Security Agency Warns Users About A Bug In Checkpoint
Gateway Products
(MENAFN- IANS) New Delhi, June 1 (IANS) The Indian Computer Emergency Response Team (CERT-In) has warned about a vulnerability in Checkpoint Network Security gateway products, which could allow hackers to compromise users' data.
According to its advisory by the national cyber-security agency, attackers can use the vulnerability to access certain information on“internet-connected gateways configured with IPSec VPN, remote access VPN, or mobile access software blades”.
This, in certain scenarios, could potentially lead the attacker to move laterally and gain domain admin privileges, warned the agency.
The vulnerability exists in Checkpoint Network Security gateway products due to the unrecommended password-only authentication method.
“The vulnerability (CVE-2024-24919) is being exploited in the wild,” said CERT-In, urging users to apply fixes issued by the company.
Checkpoint has discovered the vulnerability and issued the fix.
“Following our security update, Check Point's dedicated task force continues investigating attempts to gain unauthorised access to VPN products used by our customers,” said the company in its security update.
“Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway,” it added.
CERT-In, which comes under the Ministry of Electronics & Information Technology, last week warned users of vulnerabilities in Google Chrome and Siemens products, which could allow an attacker to execute arbitrary code on the targeted system.
MENAFN01062024000231011071ID1108283947
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.