[CVSS 9+] Massive Ivanti Vulnerability Exploits

Executive Summary

Recently, Ivanti has been facing significant challenges as multiple vulnerabilities have been exploited on a massive scale.

Subsequently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued urgent alerts and directives affecting U.S. federal agencies.

All organisations using the affected Ivanti products must promptly review and follow the instructions to mitigate the risks.

CISA Warnings

CISA recently issued a directive instructing U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances by February 2, 2024.

This stern measure was taken due to the active exploitation of multiple security vulnerabilities by threat actors.

Additionally, CISA has included the exploited Ivanti vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog.

Critical Vulnerabilities Affecting Ivanti Connect Secure and Policy Secure

CVE-2023-46805

This is an authentication bypass vulnerability in Ivanti Connect Secure and Ivanti Policy Secure, with a CVSS score of 8.2.

It is actively exploited worldwide with widespread attempts across various sectors. Please refer to our news article for more information about this flaw.


CVE-2024-21887

This is a command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure, with a CVSS score of 9.1.

It is actively exploited, leading to the deployment of cryptominers and various Remote Monitoring and Management (RMM) software.

Please refer to our news article for more information about this flaw.


CVE-2024-21893

This is a Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA). It has a CVSS score of 8.2.

Exploit chains have been observed since the release of a Proof of Concept (PoC) exploit.

Please refer to Ivanti’s advisory for more information about this vulnerability.


CVE-2024-21888

This is a privilege escalation vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure, with a CVSS score of 8.8.

While there is currently no evidence of exploitation, the risk remains high due to the vulnerability’s nature.

Critical Vulnerability Affecting Ivanti Endpoint Manager Mobile

CVE-2023-35082

This is an authentication bypass vulnerability in Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core, with a CVSS score of 9.8.

It is also actively exploited, resulting in unauthorised access to personally identifiable information and potential server backdooring.

Please refer to our news article for more information about this flaw.

Closing Comments

In response to the widespread exploitation of these vulnerabilities, organisations using Ivanti Connect Secure, Policy Secure, and Ivanti Endpoint Manager Mobile must take immediate action. It is crucial for organisations to follow the instructions provided by CISA and Ivanti in order to mitigate the risks and secure their systems.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.