CVE-2024-24919 Exploitation, Veriti Proactive Remediation 

by | Jun 3, 2024

Over the past few days, there has been a significant rise in exploitation attempts of the Check Point vulnerability identified as CVE-2024-24919. This increase is not isolated but part of a larger pattern of sophisticated cyber attacks that utilize both manual and automated tools to scan and exploit vulnerabilities across various VPN systems.

Technical Overview of CVE-2024-24919

This high-severity vulnerability predominantly impacts devices configured with IPSec VPN or Mobile Access software blades. It exploits a path traversal flaw, allowing attackers to access all resources on the gateway without any user interaction or authentication.

The exploitation patterns for CVE-2024-24919 include extracting password hashes for local accounts and potentially accessing the ‘ntds.dit’ file from Active Directory servers. System logs such as /var/log/messages, /var/log/audit/audit.log, and /var/log/auth record logs of successful administrative panel or SSH logins, which could indicate an exploit.

In response, Check Point has released several hotfixes and recommends resetting LDAP passwords and implementing other security measures to mitigate the risk. However, the exploit’s simplicity and severe implications make it a potent tool for cyber criminals.

Automation in Attack Strategies

Attackers have intensified their operations by utilizing automation tools like the FUF Security Scanner and VER0 Nikto Security Scanner. These tools enable them to efficiently discover and exploit multiple vulnerable VPNs across a broad spectrum, indicating a shift towards more systematic and wide-reaching cyber-attacks.

Our investigations reveal that these attacks target numerous industries and countries, with tens of thousands of exploit attempts documented. The scope and precision of these attacks suggest that sophisticated threat actors, possibly linked to cyber criminal groups like Trigona Ransom, Risepro, and Androxgh0st, are orchestrating these activities.

We have discovered evidence that universities, government organizations, and manufacturing firms are likely using a version of the software that is vulnerable. Additionally, it is crucial to highlight that most instances are linked to service providers. Another noteworthy observation is the deployment of dozens of honeypots following the release of the CVE. Researchers have set up these honeypots to detect active exploitation and monitor any subsequent lateral movement activities.

Further analysis shows that this trend is part of a broader vulnerability landscape in 2024, affecting all major VPN vendors. These vulnerabilities pose a significant risk as they allow attackers to bypass traditional security mechanisms and gain unauthorized access to sensitive organizational data.

Jan 10

CVE-2024-21887

JAN 31

CVE-2024-21893

Feb 8

CVE-2024-21762

Feb 9

CVE-2024-22024

Apr 12

CVE-2024-3400

Apr 24

CVE-2024-20353 | CVE-2024-20359

Apr 28

CVE-2024-24919

Stay Proactive 

To assist in detecting and remediating these attacks, we have compiled a list of IP addresses associated with the exploitation of CVE-2024-24919 that can be blocked for their malicious activity: 

  • 108.181.7.17 
  • 137.220.244.18 
  • 38.181.79.230 
  • 172.247.15.222 
  • 103.100.209.24 
  • 185.153.151.137 
  • 156.234.193.18 
  • 23.95.44.80 
  • 154.38.105.109 
  • 154.223.21.222 
  • 172.247.15.236 
  • 154.90.44.73 
  • 203.160.68.12 
  • 23.227.203.36 
  • 82.180.133.120 
  • 87.120.8.173 
  • 66.42.63.227 
  • 184.95.51.10 
  • 172.233.254.133 
  • 167.99.112.236 

Veriti’s Proactive Exposure Assessment 

In response to these threats, the Veriti Exposure Assessment and Remediation platform has proactively adjusted configurations to block these exploitation attempts, delivering real-time, automated defenses without human intervention. By automatically blocking critical vulnerabilities like CVE-2024-24919 before they could be exploited, Veriti users enjoy proactive threat management without any business disruptions. 

We have been using Veriti for a year now. Our security policies have been improved and our general security hygiene is in a better state. We also enabled the automatic IoC feature as remediating the numerous IoCs daily was getting cumbersome. The true value of Veriti was on display in the recent [Check Point] vulnerability. We are a Check Point Elite Partner and the vendor reached out to us about an issue that surfaced around VPNs. The issue eventually made it to a CVE status, and we were working with our customers on a mitigation plan and taking the recommended steps by the vendor. We had not gotten to patch our own firewalls, but when I checked Veriti for the CVE it had already blocked an attempt to exploit the vulnerability. Veriti gives us peace of mind that we are protected even when we have not patched yet. This is what security tools are supposed to do. Protect you from yourself.
Scott Perzan

Director of IT and Security Services Technology , Atlantic Data Security

Conclusion 

The persistent and evolving nature of cyber threats like those exploiting CVE-2024-24919 underscores the necessity for organizations to adopt a proactive, intelligence-driven approach to cyber security. Veriti’s solutions provide the advanced capability to detect, analyze, and remediate threats safely, in real-time, ensuring that your security posture is responsive to dynamic threats. 

Get your security controls assessment now


Recommended Articles

Subscribe to our BLOG

Get the latest security insights, news and articles delivered to your inbox.

Product

Product Overview

Maximize security posture while ensuring business uptime

Odin

AI-Powered Contextual Cybersearch

Automated Security Controls Assessment

Validate your security control

Integrations

Connect Veriti with your security solutions

Use Cases

Agentless OS-Level Remediation

Proactively safeguard your systems directly at the OS-Level on the endpoint

Vulnerability Remediation

Safely remediate vulnerabilities in one click

Business Continuity

Reduce alert fatigue. Increase Security Effectiveness

MISCONFIGURATION MANAGEMENT

Proactively neutralize misconfigurations to minimize exposure risks

Mobilizing Threat Remediation

Identify and mobilize threat remediation across the security stack automatically.

GENERATIVE AI SECURITY

Chat with your environment to cut MTTR times drastically

Solutions

Safe Remediation

Ensure remediation actions do not give rise to additional exposures

MITRE ATT&CK®

Quickly respond to live threats with safe and precise remediation

VERITI FOR Enterprises

Increase business outcomes

VERITI FOR MSSPs

Efficiently manage multiple clients in a consolidated platform

VERITI FOR HEALTHCARE

Neutralize security gaps without impacting healthcare operations

VERITI FOR MANUFACTURING

Protect the heart of your production processes

SEC AND THE BUSINESS

A security pro’s guide to exposure assessments and remediation

 

Read Whitepaper >>

Resources

See all resources

Blog

Veriti's security blog

Downloads

The latest guides, white papers and infographics

Events

Live event and on-demand webinars

Glossary

Our Comprehensive Definitions Guide

MASTERING MODERN OS-LEVEL SECURITY: THE AGENTLESS APPROACH

WATCH NOW>>

Our Story

Learn about Veriti

Careers

Work with us

Newsroom

Our latest updates

Contact US

Get in touch

CHANNEL PARTNERS

Become a partner

MSSPs

Reduce operational costs