Check Point Security Gateways

June 2, 2024

A vulnerability has been discovered in Check Point Security Gateway products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. Successful exploitation of this arbitrary file read vulnerability could allow for credential access to local accounts. Other sensitive files, such as SSH keys and certificates, may also be read. Depending on the privileges associated with the accounts, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Local accounts that are configured to have fewer rights on the system could be less impacted than those that operate with administrative rights.

Systems Affected

  • Quantum Security Gateway and CloudGuard Network Security prior to R81.20, R81.10,
    R81, R80.40
  • Quantum Maestro and Quantum Scalable Chassis prior to R81.20, R81.10, R80.40,
    R80.30SP, R80.20SP
  • Quantum Spark Gateways prior to R81.10.x, R80.20.x, R77.20.x

Risk

1. Government:
– Large and medium government entities: High
– Small government entities: High

2. Businesses:
– Large and medium business entities: High
– Small business entities: High

3. Home Users: Low

Recommendations

  • Apply the updates provided by Check Point to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

Reporting

The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.

For any further questions, contact us here at Cyber Command.