Cybersecurity company Check Point has reported that attackers are exploiting a zero-day vulnerability in its enterprise VPN products to infiltrate the corporate networks of its clients.
The technology provider has not yet disclosed who is behind these cyberattacks or the number of customers affected by the vulnerability, which security experts describe as “extremely easy” to exploit.
In a blog post this week, Check Point highlighted the vulnerability in its Quantum network security devices, which allows a remote attacker to obtain sensitive credentials from an affected device, potentially granting access to the broader network of the victim. Check Point noted that attackers began exploiting this bug around April 30. A zero-day bug indicates that the vendor had no time to address the flaw before it was exploited.
The company urged customers to install patches to mitigate the flaw.
According to its website, Check Point serves over 100,000 customers. A spokesperson for Check Point did not respond to queries regarding the exact number of customers impacted by this issue.
Check Point is the latest security firm in recent months to acknowledge a vulnerability in its products, designed specifically to shield companies from cyberattacks and intrusions.
These network security devices act as digital gatekeepers at the edge of a company’s network, controlling user access. However, they often harbor security weaknesses that can bypass their defenses and compromise the customer’s network.
Several other enterprise and security vendors, including Ivanti, ConnectWise, and Palo Alto Networks, have recently rushed to address flaws in their high-grade security products that attackers have exploited to breach customer networks and steal data. These bugs are deemed high severity largely due to their ease of exploitation.
Regarding Check Point’s vulnerability, security research firm watchTowr Labs described in its analysis of the vulnerability that the bug is “extremely easy” to exploit once identified.
WatchTowr Labs characterized the bug as a path-traversal vulnerability that allows an attacker to remotely trick an affected Check Point device into revealing files that should have been secure, such as passwords for accessing the device’s root-level operating system.
“This is much more powerful than the vendor advisory seems to imply,” stated watchTowr Labs researcher Aliz Hammond.
The U.S. cybersecurity agency CISA has included the Check Point vulnerability in its public catalog of known-exploited vulnerabilities. In brief remarks, the agency noted that such vulnerabilities are routinely used by malicious cyber actors and pose “significant risks to the federal enterprise.”
