Executive Summary
Ivanti has recently faced significant challenges as multiple vulnerabilities in its products have been exploited on a massive scale.
Subsequently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued urgent alerts and directives affecting U.S. federal agencies.
All organisations using the affected Ivanti products must promptly review and follow the instructions to mitigate the risks.
CISA Warnings
CISA recently issued a directive to U.S. federal agencies, instructing them to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances by February 2, 2024.
This strict measure was taken because threat actors are actively exploiting multiple security vulnerabilities in these products.
Additionally, CISA has included the exploited Ivanti vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog.
Critical Vulnerabilities Affecting Ivanti Connect Secure and Policy Secure
This is an authentication bypass vulnerability in Ivanti Connect Secure and Ivanti Policy Secure, with a CVSS score of 8.2.
It is being actively exploited worldwide, with attempts observed across various sectors. Please refer to our news article for more information about this flaw.
This is a command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure, with a CVSS score of 9.1.
It is actively exploited, leading to the deployment of cryptominers and various Remote Monitoring and Management (RMM) software.
Please refer to our news article for more information about this flaw.
This is a Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA). It has a CVSS score of 8.2.
Exploit chains leveraging this vulnerability have been observed since the release of a Proof of Concept (PoC) exploit.
Please refer to Ivanti’s advisory for more information about this vulnerability.
This is a privilege escalation vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure, with a CVSS score of 8.8.
While there is currently no evidence of exploitation, the risk remains high due to the vulnerability’s nature.
Critical Vulnerability Affecting Ivanti Endpoint Manager Mobile
CVE-2023-35082: This is an authentication bypass vulnerability in Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core, with a CVSS score of 9.8. It is also actively exploited, resulting in unauthorised access to personally identifiable information and potential server backdooring.
Please refer to our news article for more information about this flaw.
Closing Comments
In response to the widespread exploitation of these vulnerabilities, organisations using Ivanti Connect Secure, Policy Secure, and Ivanti Endpoint Manager Mobile must take immediate action. It is crucial for organisations to follow the instructions provided by CISA and Ivanti in order to mitigate the risks and secure their systems.