漏洞概述
影响范围
受影响产品:CloudGuard Network、Quantum Maestro、Quantum Scalable Chassis、Quantum Security Gateways、Quantum Spark Appliances
受影响版本:R77.20 (EOL)、R77.30 (EOL)、R80.10 (EOL)、R80.20 (EOL)、R80.20.x、R80.20SP (EOL)、R80.30 (EOL)、R80.30SP (EOL)、R80.40 (EOL)、R81、R81.10、R81.10.x、R81.20
处置建议
版本更新
目前官方已发布修复方案,受影响的用户建议手动下载安装:
Quantum Security Gateway:R80.40、R81、R81.10、R81.20
Quantum Maestro和Quantum Scalable Chassis:R80.20SP 、R80.30SP
Quantum Spark Appliances:R81.10.10、R81.10.08、R80.20.60、R77.20.87、R77.20.81
下载链接:
01 访问安全网关管理系统:登录您的Check Point安全设备的Gaia Portal管理界面;
02 导航至更新路径:在Portal内,依次展开菜单至“Software Updates”(软件更新)> “Available Updates”(可获取更新)分类下的“Hotfix Updates”(热修复补丁)部分;
03 执行安装操作:在列出的热修复补丁中,识别出与CVE-2024-24919相对应的更新项,随后点击“Install”(安装)按钮发起安装进程,请耐心等待直至系统通知安装顺利完成;
在整个过程中,请确保在计划的维护时段执行这些操作,减少对业务连续性的潜在影响,并在执行任何更新前完成必要的配置备份,作为应对任何意外情况的恢复预案。
参考链接
-
https://support.checkpoint.com/results/sk/sk182336
-
https://support.checkpoint.com/results/sk/sk182337
-
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
-
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
-
https://www.bleepingcomputer.com/news/security/check-point-vpn-zero-day-exploited-in-attacks-since-april-30/
原文始发于微信公众号(众智维安):高危漏洞预警|Check Point Security Gateways 发现漏洞(CVE-2024-24919)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论