🎃 Join us October 31 for a chilling webcast: "Confronting the Creepy Unknowns in Your Network!" Register Now

Start Free Book Demo

Platform
- Overview
  The runZero Platform provides complete security visibility across IT, OT, IoT, cloud, mobile, and remote assets so that you can see and secure everything on your network.
  
  Attack Surface Management
  
  Exposure Mitigation
  
  Risk & Compliance
  
  Fast Deployment & Scalability
- Integrations
  runZero seamlessly integrates with a wide variety of tools, enhancing network visibility, enriching asset data, and uncovering control gaps.
- Community Edition
  Our completely free version of the runZero Platform is ideal for home use and environments with fewer than 100 assets.
Gartner® Peer Insights™ Customers' Choice for CAASM

runZero has been recognized as a Customers’ Choice for cyber asset attack surface management (CAASM) in the 2024 Gartner Voice of the Customer report.

Get the Report
Resources
- runZero Blog
  See what's happening at runZero and read up on the latest ideas, opinions, and articles from our experts and researchers.
- runZero Research
  Explore the world of exposure management through the runZero lens.
  
  Research Blogs
  
  Rapid Responses
- Resource Center
  Dive into a treasure trove of resources to expand your exposure management knowledge.
  
  Webcasts
  
  Solution Briefs
  
  Podcasts
  
  Product Videos
- Support Resources
  Everything you need to maximize your experience with the runZero Platform.
  
  Documentation
  
  REST API
  
  Open Source
  
  Changelog
SSHamble is now available!

Our researchers discovered a broad range of weaknesses across SSH implementations and applications that impact critical network security devices and software. These long standing issues have remained undiscovered due to the lack of tooling available. Enter SSHamble, our new open source tool.

Get SSHamble
Pricing
Customers
- Our Customers
  Our customers are everything. We're super proud to be trusted by leading organizations around the globe to help them improve their security.
- Case Studies
  See how runZero has empowered security teams to take control of their networks, uncover their unknowns, and save significant time and money.
- Testimonials
  Read reviews of the runZero Platform and see how teams have improved their security with our technology.
New Report Published by the U.S. Department of Energy

CECA evaluations confirm runZero's active scanning enhances ICS visibility without performance impact on SCADA.

Read the Report
Partners
- Infinity Partner Program
  See how we can work together to provide best-in-class security solutions and outcomes for our joint customers.
- Trusted Advisor Program
  Do you perform project-based consulting services and want to use runZero to deliver great insights? This program is designed for you!
- Partner Directory
  Explore our directory of trusted (and awesome) partners.
- Partner Login
  Login to our Infinity Partner Portal.
Join our Infinity Partner Program

Designed with a partner-first mindset, the runZero Infinity Partner Program offers incredibly valuable resources, relationships, and rewards to partners who choose to grow their business with us.

Become a runZero Partner
About
- About Us
  Wondering who the heck are these people? Meet the team and get the story behind runZero... once upon a time called Rumble.
- Events
  Track down runZero Yetis in the wild! Join us in-person or virtually at one of our upcoming events.
- Investors
  Meet the cybersecurity investors, trailblazers, and innovators who help us navigate our journey and the evolving security landscape.
- Newsroom
  Read the latest articles, announcements, and press releases from runZero.
- Careers
  Want to join our forces? We're looking for bright minds and passionate souls who want to write the next chapter in exposure management.
runZero Research Report: Volume 1

As a leading CAASM platform, runZero has a unique, insider’s perspective on the state of asset security. See the alarming gaps & unexpected exposures that our research team uncovered.

Get the Research Report

🎃 Join us October 31 for a chilling webcast: "Confronting the Creepy Unknowns in Your Network!" Register Now

Overview
The runZero Platform provides complete security visibility across IT, OT, IoT, cloud, mobile, and remote assets so that you can see and secure everything on your network.
Integrations
runZero seamlessly integrates with a wide variety of tools, enhancing network visibility, enriching asset data, and uncovering control gaps.
Community Edition
Our completely free version of the runZero Platform is ideal for home use and environments with fewer than 100 assets.

Gartner® Peer Insights™ Customers' Choice for CAASM

runZero has been recognized as a Customers’ Choice for cyber asset attack surface management (CAASM) in the 2024 Gartner Voice of the Customer report.

Get the Report

runZero Blog
See what's happening at runZero and read up on the latest ideas, opinions, and articles from our experts and researchers.
runZero Research
Explore the world of exposure management through the runZero lens.
- Research Blogs
- Rapid Responses
Resource Center
Dive into a treasure trove of resources to expand your exposure management knowledge.
Support Resources
Everything you need to maximize your experience with the runZero Platform.

SSHamble is now available!

Our researchers discovered a broad range of weaknesses across SSH implementations and applications that impact critical network security devices and software. These long standing issues have remained undiscovered due to the lack of tooling available. Enter SSHamble, our new open source tool.

Get SSHamble

Our Customers
Our customers are everything. We're super proud to be trusted by leading organizations around the globe to help them improve their security.
Case Studies
See how runZero has empowered security teams to take control of their networks, uncover their unknowns, and save significant time and money.
Testimonials
Read reviews of the runZero Platform and see how teams have improved their security with our technology.

New Report Published by the U.S. Department of Energy

CECA evaluations confirm runZero's active scanning enhances ICS visibility without performance impact on SCADA.

Read the Report

About Us
Wondering who the heck are these people? Meet the team and get the story behind runZero... once upon a time called Rumble.
Events
Track down runZero Yetis in the wild! Join us in-person or virtually at one of our upcoming events.
Investors
Meet the cybersecurity investors, trailblazers, and innovators who help us navigate our journey and the evolving security landscape.
Newsroom
Read the latest articles, announcements, and press releases from runZero.
Careers
Want to join our forces? We're looking for bright minds and passionate souls who want to write the next chapter in exposure management.

runZero Research Report: Volume 1

As a leading CAASM platform, runZero has a unique, insider’s perspective on the state of asset security. See the alarming gaps & unexpected exposures that our research team uncovered.

Get the Research Report

Infinity Partner Program
See how we can work together to provide best-in-class security solutions and outcomes for our joint customers.
Trusted Advisor Program
Do you perform project-based consulting services and want to use runZero to deliver great insights? This program is designed for you!
Partner Directory
Explore our directory of trusted (and awesome) partners.
Partner Login
Login to our Infinity Partner Portal.

Join our Infinity Partner Program

Designed with a partner-first mindset, the runZero Infinity Partner Program offers incredibly valuable resources, relationships, and rewards to partners who choose to grow their business with us.

Become a runZero Partner

On This Page:

Latest Check Point Software vulnerabilities
What is the impact?
Are updates or workarounds available?
How do I find potentially vulnerable Check Point devices with runZero?

How to find Check Point devices

Tom Sellers

|

Updated May 31, 2024, 12:36pm EDT

Latest Check Point Software vulnerabilities #

On May 28, 2024, Check Point disclosed a serious vulnerability in Check Point Security Gateway Devices with certain remote access software blades (security modules) enabled. Per their guidance, devices are impacted if one of the following conditions are met:

The IPsec VPN Blade is enabled, but ONLY when included in the Remote Access VPN community.
The Mobile Access Software Blade is enabled.

The issue, identified as CVE-2024-24919, allows reading arbitrary files on the targeted appliance by unauthenticated remote attackers. This vulnerability could be leveraged to read sensitive files such as those containing password hashes, certificates, and ssh keys.

This vulnerability has a CVSS score of 8.6 out of 10, indicating that this is a high risk vulnerability. According to their disclosure and information provided by CISA this vulnerability is being actively exploited. A report from mnemonic.io states that they have observed attacks at least as far back as April 30, 2024.

What is the impact? #

Upon successful exploitation of the vulnerability, unauthenticated remote attackers could access password hashes for local users. If the hashes are cracked the attacker may be able to log into these user accounts if secondary controls, such as MFA, are not enforced. This includes service accounts that may be used to access Active Directory or other services. Attackers could leverage this information to move across a target's network.

Are updates or workarounds available? #

Check Point has released a software updates to address this vulnerability. They also provide guidance for other measures that should be taken after the vulnerability has been addressed. These can be found in their advisory.

How do I find potentially vulnerable Check Point devices with runZero? #

From the Asset Inventory, use the following query to locate assets that may be running the vulnerable operating system in your network:

hardware:"Check Point" AND (_service.last.http.body:"Check Point Mobile" OR _service.http.body:"Check Point Mobile" OR udp_port:500)

Written by Tom Sellers

Tom Sellers is a Principal Research Engineer at runZero. In his 25 years in IT and Security he has built, broken, and defended networks for companies in the finance, service provider, and security software industries. He has built and operated Internet scale scanning and honeypot projects. He is credited on many patents for network deception techonology. A strong believer in Open Source he has contributed to projects such as Nmap, Metasploit, and Recog.

More about Tom Sellers

Related Articles

Rapid Response

How to find SolarWinds Web Help Desk services on your network

CISA has announced that CVE-2024-28987 is actively being exploited in SolarWinds' Web Help Desk software. Here's how to find potentially affected...

Rapid Response

How to find SuperMicro BMCs

Supermicro released a vulnerability advisory for a critical CVE that allows for remote code execution (CVE-2024-36435). Here's how to find impacted...

Rapid Response

How to find OpenPrinting CUPS services on your network

Several vulnerabilities within OpenPrinting CUPS potentially allow for remote code execution. Here's how to find impacted assets.

Rapid Response

How to find Advantech ADAM devices on your network

Advantech has disclosed multiple vulnerabilities in their ADAM 5000 series Ethernet I/O modules. Here's how to find them on your network.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

Try It Free

© Copyright 2024 runZero, Inc. All Rights Reserved