Best Practices to Patch and Remediate CVE-2024-24919

PhoneBoy
Admin

While we have a thread on CheckMates related to CVE-2024-24919, we wanted to highlight the various resources we have related to this issue to assist in your patch and remediate efforts. This post will be added to in the coming days and weeks.

You should, of course, follow the following SKs for the latest information:

We've created a number of videos on various aspects of patching and remediating from CVE-2024-24919 that are highlighted below. We also have a playlist on YouTube with these videos and more: https://www.youtube.com/playlist?list=PLMAKXIJBvfAiD8JbRZJGb2Bnrr7qkI5Fb 

Hotfix Installation and Triage on Quantum Appliances

How to install CVE-2024-24919 Hotfix on Quantum Spark (SMB) Appliances

How to Install Hotfixes with SmartConsole

How to Mitigate CVE-2024-24919 on Quantum Security Gateways If You Cannot Patch

Resetting LDAP Credentials

Note: It is critical to make sure when you reset the LDAP credentials that you are using a user with the minimum privileges necessary (i.e. not Domain Admin).  

Moving From Password to Certificate Based Authentication on Quantum Management

Bulk Reset of Passwords in Gaia OS

 

 

4 Comments
Moti
Admin

Very important!! 

the_rock
Legend

Thank you @PhoneBoy 

Danny
Champion

Many of our customers ask which of their data was actually read out via the VPN information disclosure weakness in order to justify the effort of resetting all passwords, LDAP credentials, HTTPS inspection certs, SSH certs etc.

We currently have to check all IPS capture files manually to be able to answer this question.

It would be nice if this could be automated by checking all capture files in $FWDIR/log/blob (sk120773) with a script. Those blob files are tgz archives that contain a file which appears to hold a base64 encoded string with the actual pcap contents, however I'm unable to decode that string. If you'd help me to decode the blob string into pcap I would create a script that shows all resources which have been exposed and therefore need to be reset.

the_rock
Legend

@Danny Totally valid point mate. I find myself in the same situation...doing this manually is not fun, to avoid using the actual term lol
