Vulnérabilité critique sur Check Point VPN (CVE-2024-24919) (uniquement en anglais)

The CSSF has been made aware of a recent critical information disclosure vulnerability (CVE-2024-24919) in Check Point VPN, which is actively exploited. Successful exploitation of this vulnerability allows a remote attacker to obtain sensitive information, including key materials, user credentials, and configuration files from the operating system.

CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL: https://circl.lu/pub/tr-86/.

The CSSF strongly recommends all supervised entities concerned to take duly note of this report and to take actions as appropriate.