CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways, once connected to the internet and enabled with Remote Access VPN or Mobile Access Software Blades.
Every day is a rough day for Check Point admins
Well, pray for those who have Check Point firewalls. Stay safe out there, folks.
This is why the industry needs to move to ZTNA asap. No more incoming connections to on-premise environments, because SSL / IPsec VPN is under constant attack and all big NGFW vendors have frequent vulnerabilities in these specific modules. Today is a rough day for Check Point owners, tomorrow Palo Alto, and the day after Fortinet. It just never ends.
2024 year of the vulns
Hmm… I thought these big $$$ firewalls are completely bulletproof… at least that’s what the vendor says about my $600 Mikrotik which will outperform any firewall and get CVEs resolved within hours …
Man that is the truth. I was dealing with issues on almost a daily basis, R76 was a real turd. I felt like I was a full time Linux sysadmin. Moved to PA since and never looked back.
*brings back terrible memories from mid 2000’s*
It’s a much rougher day using ZTNA products where apps don’t work well for users and there are constant issues and complaints 24/7, just saying. Versus just installing one security patch.
I haven’t seen many vulns in IPsec over the last few years but have seen a ton for SSL VPN across all vendors.
tomorrow Palo Alto
No, PA was last month. CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
I am a major advocate of Cisco Secure Access and its ZTNA, I’m really promoting this largely and big LinkedIn community… However! ZTNA doesn’t solve everything; ZTNA, ZTAA or ZTA doesn’t remove the need for VPNs in all cases. There are still legacy applications requiring server-to-client or client-to-client communications, which ZTNA doesn’t support.
Moving applications and users into a Zero Trust with NA is cool and the way forward, but legacy apps will exist and you still need some kind of RAVPN.
I really felt your pain, brother.
Because they all are using the same crap below their pretty GUIs and CLIs