Govt Warns Users Of Vulnerability In Check Point Gateway Products

SUMMARY

This vulnerability could potentially enable hackers to compromise users’ data

Attackers could exploit this vulnerability to gain access to specific information on internet-connected gateways configured with IPSec VPN

Check Point has also released a solution to prevent exploitation of this vulnerability

The Indian Computer Emergency Response Team (CERT-In) has identified a vulnerablity in cybersecurity solutions provider Check Point’s gateway products.

As per the advisory, the vulnerability could potentially enable hackers to compromise users’ data. 

It further said that attackers could exploit this vulnerability to gain access to specific information on internet-connected gateways configured with IPSec VPN, remote access VPN or mobile access software blades.

“This vulnerability exists in Check Point Network Security gateway products due to the unrecommended password-only authentication method,” the advisory said.

“Successful exploitation of this vulnerability could allow the attacker to access certain information on internet-connected gateways configured with IPSec VPN, remote access VPN, or mobile access software blades. This, in certain scenarios, could potentially lead the attacker to move laterally and gain domain admin privileges,” it added.

Check Point issued the advisory last Tuesday. The company has released a solution to prevent exploitation of this vulnerability.

“Check Point’s dedicated task force continues investigating attempts to gain unauthorised access to VPN products used by our customers. On May 28, 2024 we discovered a vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade. Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway,” it said.

With increasing digitisation, there has also been a rise in cybercrimes in the country. The Centre is taking various measures to curb this surge in cybercrimes and financial frauds. 

The Ministry of Home Affairs’ cyber crime unit launched the ‘Pratibimb’ app last month, aiding law enforcement in real-time tracking of cyber criminals. 

Additionally, the Department of Telecommunications introduced the Digital Intelligence Platform for real-time information sharing among stakeholders, and the Chakshu portal for reporting fraud communications.

Besides, many new startups are emerging to tackle cybersecurity challenges, recognising the increasing importance of safeguarding digital assets in today’s interconnected world.

Some startups in this space are TAC Infosec, Safe Security, BluSapphire Cyber Systems, among others.

Leave a Comment