The Bottom Line: Attackers are exploiting a vulnerability in the outdated IKEv1 protocol to compromise Check Point VPN systems – disabling IKEv1 is urgently required.
A security vulnerability in Check Point VPN appliances is being actively exploited by attackers to gain access to corporate networks via the outdated IKEv1 protocol. CISOs must disable IKEv1 and review their VPN configurations.
Check Point’s VPN solutions are targets of active attacks that exploit a weakness in the supposedly obsolete IKEv1 protocol (Internet Key Exchange Version 1). The protocol is an outdated method for establishing encrypted VPN tunnels and has already been declared obsolete by the IETF, but remains enabled in many environments for compatibility reasons.
The vulnerability allows attackers to compromise VPN connections and gain deep access to internal networks. Ransomware gangs deliberately use these attack vectors to penetrate corporate networks and prepare encryption attacks. The attack pattern is no coincidence: many organizations leave IKEv1 enabled in default setups because legacy devices or older client software still require it.
This leaves CISOs with two concrete measures: First, affected Check Point systems should be reviewed and updated immediately. Second, a fundamental inventory assessment is required – which client systems absolutely require IKEv1 and which can already be migrated to the modern, more secure IKEv2. The de facto deprecation of IKEv1 was no accident: the older protocol has known cryptographic weaknesses and exposes attack surface that modern alternatives do not have.
In risk management, the principle of least privilege applies here: only legacy protocols that are actually required should be enabled. Whoever can completely disable IKEv1 should do so and update or replace affected clients.
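One way to approach the inventory step, as an added example that is not part of the original article or any Check Point tooling: classify VPN peers by the major version field of the fixed IKE header (RFC 2408, RFC 7296) in traffic captured at the gateway. The `(source IP, UDP port, payload)` tuple format, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

IKE_HEADER_LEN = 28  # fixed ISAKMP/IKE header size in bytes

def ike_major_version(payload, port=500):
    """Return the IKE major version (1 or 2) of a UDP payload, or None."""
    if port == 4500:
        # NAT-T: IKE messages carry a 4-byte all-zero non-ESP marker first.
        if payload[:4] != b"\x00\x00\x00\x00":
            return None  # ESP-in-UDP data, not an IKE message
        payload = payload[4:]
    if len(payload) < IKE_HEADER_LEN:
        return None
    # Layout: SPIs (16 bytes), next payload, version, exchange type, flags,
    # message ID (4 bytes), total length (4 bytes).
    version = payload[17]
    length = struct.unpack("!I", payload[24:28])[0]
    if length < IKE_HEADER_LEN:
        return None
    major = version >> 4  # high nibble is the major version
    return major if major in (1, 2) else None

def inventory(packets):
    """Map each peer IP to the set of IKE major versions it sent."""
    seen = defaultdict(set)
    for src_ip, port, payload in packets:
        major = ike_major_version(payload, port)
        if major is not None:
            seen[src_ip].add(major)
    return dict(seen)

def ikev1_only_peers(packets):
    """Peers never seen speaking IKEv2: these block disabling IKEv1."""
    return sorted(ip for ip, v in inventory(packets).items() if v == {1})

def make_header(version, exchange):
    """Build a constructed 28-byte IKE header for the sample data."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                       1, version, exchange, 0, 0, IKE_HEADER_LEN)

# Constructed sample capture (documentation addresses, not real peers).
SAMPLE = [
    ("192.0.2.10", 500, make_header(0x10, 2)),                  # IKEv1 only
    ("192.0.2.20", 500, make_header(0x20, 34)),                 # IKEv2 only
    ("192.0.2.30", 4500, b"\x00" * 4 + make_header(0x10, 2)),   # both versions
    ("192.0.2.30", 500, make_header(0x20, 34)),
    ("192.0.2.40", 4500, b"\xde\xad\xbe\xef" + b"\x00" * 40),   # ESP, ignored
]

if __name__ == "__main__":
    print(ikev1_only_peers(SAMPLE))
```

Peers that show both versions can usually be moved to IKEv2 by configuration alone; the IKEv1-only list is the set that needs a client update or replacement before IKEv1 can be switched off.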
Source: www.golem.de · Published 29 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.