Vulnerabilities

CVE-2024-21887 & CVE-2023-46805 Ivanti Connect Secure and Policy Secure Gateways Zero Day Vulnerabilities

Written by Critical Insight | Jan 11, 2024 9:27:40 PM

This advisory is for organizations that use Ivanti Connect Secure as a VPN solution or Ivanti Policy Secure as a network access control solution.  If your organization does not use Ivanti products, this notification may be discarded.

Summary

Ivanti has released Security Advisories and made mitigation strategies available to address an authentication bypass and command injection vulnerabilities on targeted gateways. These attacks may be chained to allow an unauthenticated remote user to obtain administrative access and run arbitrary commands on affected platforms.

These vulnerabilities are being actively exploited.

CVE-2023-46805 Authentication bypass vulnerability

               CVSSv3: 8.2

               This is an authentication bypass vulnerability that can circumvent MFA controls in the web component of Ivanti Connect Secure and Ivanti Policy Secure which would allow an attacker to bypass control checks and obtain authenticated access.

 

CVE-2024-21887 – Command injection vulnerability

                CSVVv3: 9.1

                Would allow an attacker to send privileged requests and execute arbitrary commands on Ivanti Connect Secure and Ivanti Policy Secure.

 

Affected Platforms

Ivanti Connect Secure v. 9.x, 22.x

Ivanti Policy Secure

 

Mitigations

Though a patch has not yet been released, Ivanti has provided mitigation strategies.  Ivanti warns that these mitigations will result in product service degradation.

 

“We have seen evidence of threat actors attempting to manipulate Ivanti’s internal integrity checker (ICT). Out of an abundance of caution, we are recommending that all customers run the external ICT. We have added new functionality to the external ICT that will be incorporated into the internal ICT in the future. We regularly provide updates to the external and internal ICT, so customers should always ensure they are running the latest version of each.”

https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

 

Additional Resources

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/