(TLP:CLEAR) MS-ISAC Advisory: A Vulnerability in Check Point Security Gateways Could Allow for Credential Access

WaterISAC is passing through this MS-ISAC Cybersecurity Advisory shared yesterday regarding a recently discovered vulnerability in Check Point Security Gateways, which has the potential to allow credential access. The advisory includes an overview, threat intelligence briefing, a technical summary, and recommended mitigations. WaterISAC encourages members who use Check Point Security Gateways to review the advisory and apply proper mitigations as recommended.

A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. Successful exploitation of this vulnerability could allow for credential access to local accounts due to an arbitrary file read vulnerability. Other sensitive files such as SSH keys and certificates may also be read. Depending on the privileges associated with the accounts, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Local accounts that are configured to have fewer rights on the system could be less impacted than those that operate with administrative rights.

Systems Affected:

• Quantum Security Gateway and CloudGuard Network Security prior to R81.20, R81.10, R81, R80.40
• Quantum Maestro and Quantum Scalable Chassis prior to R81.20, R81.10, R80.40, R80.30SP, R80.20SP
• Quantum Spark Gateways prior to R81.10.x, R80.20.x, R77.20.x

Access the full advisory below.