This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best Practices to Patch and Remediate CVE-2024-24919

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
2 4 2,530
‎2024-06-03 12:50 PM

While we have a thread on CheckMates related to CVE-2024-24919, we wanted to highlight the various resources we have related to this issue to assist in your patch and remediate efforts. This post will be added to the coming days and weeks.

You should, of course, follow the following SKs for the latest information:

We've created a number of videos on various aspects of patching and remediating from CVE-2024-24919 that are highlighted below. We also have a playlist on YouTube with these videos and more: https://www.youtube.com/playlist?list=PLMAKXIJBvfAiD8JbRZJGb2Bnrr7qkI5Fb 

Hotfix Installation and Triage on Quantum Appliances

How to install CVE-2024-24919 Hotfix on Quantum Spark (SMB) Appliances

How to Install Hotfixes with SmartConsole

How to Mitigate CVE-2024-24919 on Quantum Security Gateways If You Cannot Patch

Resetting LDAP Credentials

Note: It is critical to make sure when you reset the LDAP credentials that you are using a user with the minimum privileges necessary (i.e. not Domain Admin).  

Moving From Password to Certificate Based Authentication on Quantum Management

Bulk Reset of Passwords in Gaia OS

 

 

4 Comments
Moti
Admin
Admin
‎2024-06-03 01:57 PM

Very important!! 

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-06-03 02:07 PM

Thank you @PhoneBoy 

0 Kudos
Danny
MVP Gold
MVP Gold
‎2024-06-03 02:35 PM

Many of our customers ask which of their data was actually read out via the VPN information disclosure weakness in order to justify the effort of resetting all passwords, LDAP credentials, HTTPS inspection certs, SSH certs etc.

We currently have to check all IPS capture files manually to be able to answer this question.

It would be nice if this could be automated by checking all capture files in $FWDIR/log/blob (sk120773) with a script. Those blob files are tgz archives that contain a file which appears to hold a base64 encoded string with the actual pcap contents, however I'm unable to decode that string. If you'd help me to decode the blob string into pcap I would create a script that shows all resources which have been exposed and therefore need to be reset.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-06-03 02:38 PM

@Danny Totally valid point mate. I find myself in the same situation...doing this manually is not fun, to avoid using the actual term lol

0 Kudos
Labels