TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

GreyNoise

What’s Going on With Check Point (CVE-2024-24919)?

2024-06-04 · Read original ↗

ATT&CK techniques detected

5 predictions
T1190Exploit Public-Facing Application
95%
"’ t show up in our public data because they don ’ t actually work ( more on that below ). on the same day ( may 30, 2024 ), watchtowr labs published an amazing write - up that includes a working proof of concept. on that same day, cisa added it to the known exploited vulnerabilit…"
T1190Exploit Public-Facing Application
84%
"what ’ s going on with check point ( cve - 2024 - 24919 )? on may 28, 2024, check point published an advisory ( and emailed customers ) regarding cve - 2024 - 24919, a cvss 8. 6 vulnerability that they described using fairly vague language : " exploiting this vulnerability can re…"
T1190Exploit Public-Facing Application
69%
", we expect to start seeing this type of 0 - day exploitation in sift! ) conclusion with a public proof of concept out, and exploitation quickly ramping up, we recommend patching check point as soon as possible! references - cve - 2024 - 24919 - check point advisory - censys blog…"
T1595.002Vulnerability Scanning
52%
"day ) started scanning for cve - 2024 - 24919. we can ’ t say with certainty whether the hnap scan is related, but it ’ s the only other traffic we ’ ve ever seen from that ip address. in the exploits, the ip attempted to fetch / etc / passwd and / etc / shadow. the first real ex…"
T1190Exploit Public-Facing Application
50%
"attempt ( attempt ), with a non - working exploit, hitting sift on may 30, 2024 - presumably somebody thought they ’ d figured it out and pushed the big “ go ” button a bit too quickly : we started seeing actual exploitation attempts logged in sift on may 31, 2024 : i ’ m always …"

Summary

Check Point recently identified a zero-day information disclosure vulnerability impacting its Network Security gateways. Find out what you need to know about CVE-2024-24919.