Published on: 11 January 2024
Last update on: 01 February 2024
Ivanti released a security advisory to address multiple vulnerabilities in Ivanti products. For information about the vulnerabilities, please refer to the corresponding security advisory on the vendor's website.
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways
Reports indicate that the security restriction bypass vulnerability (CVE-2023-46805) and remote code execution vulnerability (CVE-2024-21887) in Ivanti products are being exploited in the wild. Attackers could chain the two vulnerabilities together to achieve unauthenticated remote code execution on vulnerable systems. As patches are not yet available, system administrators are advised to take immediate action to apply the latest workaround recommended by Ivanti.
Ivanti has disclosed two additional vulnerabilities (CVE-2024-21888 and CVE-2024-21893) affecting Ivanti Connect Secure and Policy Secure Gateways with versions prior to 9.x and 22.x. Ivanti has also released security patches and NEW mitigation measures to address all vulnerabilities in the security alert (i.e. CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893). System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
Please note that older unsupported and End-Of-Life (EOL) versions are also vulnerable with no patches provided. System administrators should arrange to upgrade the unsupported and EOL versions to supported versions or migrate to other supported technology.
Successful exploitation of the vulnerabilities could lead to remote code execution or security restriction bypass on an affected system.
Patches for the affected systems are not yet available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk. For information about the workaround, please refer to the corresponding article on the vendor's website.
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways
It is recommended to properly assess the impact before adopting the workaround and to consult the vendor for assistance. As a security best practice, management access should be restricted to trusted users and devices over a secure network only.