NEW DELHI: The Indian Computer Emergency Response Team (CERT-In) has warned that vulnerabilities in Check Point Network Security Gateway products could allow hackers to compromise user data.
According to the national cybersecurity agency's advisory, attackers could use the vulnerability to gain access to certain information on “internet-facing gateways configured as IPSec VPN, remote access VPN, or mobile access software blades.”
This could allow attackers to move laterally and gain domain administrator privileges in certain scenarios, officials warned.
Checkpoint Network Security gateway products contain vulnerabilities due to a deprecated password-only authentication method.
CERT-In said “this vulnerability (CVE-2024-24919) is being exploited in the wild,” and urged users to apply the patch issued by the company.
Checkpoint discovered the vulnerability and issued a fix.
“Following this security update, Check Point's dedicated task force continues to investigate attempts to gain unauthorized access to VPN products used by our customers,” the company said in its security update.
“This vulnerability could be exploited to access sensitive information on the security gateway,” it added.
CERT-In, which works under the Ministry of Electronics and Information Technology, last week warned users about vulnerabilities in Google Chrome and Siemens products that could allow attackers to execute arbitrary code on targeted systems.
The most read articles on the Internet
Join a community of over 2 million industry professionals
Subscribe to our newsletter for the latest insights and analysis.
Download the ETTelecom app
- Get real-time updates
- Save your favorite articles
