Ivanti : 2 zero-day CVE-2023-46805 CVE-2024-21887 Secure VPN

Topic

New Reply

CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Vulnerabilities have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities impact all supported versions – Version 9.x and 22.x (refer to Granular Software Release EOL Timelines and Support Matrix for supported versions).
Refer to KB43892 – What releases will Pulse Secure apply fixes to resolve security vulnerabilities for our End of Engineering (EOE) and End of Life (EOL) policies.
If CVE-2024-21887 is used in conjunction with CVE-2023-46805, exploitation does not require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system. …

Newly Discovered Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems

Most of the exposed VPN appliances are in the U.S., followed by Japan and Germany. Read the technical details about these zero-day vulnerabilities, along with detection and mitigation tips…

Reply | Quote

Replies

This is an enterprise product – they don’t even show prices on their site. Not something anyone here is likely to have, unless they are doing enterprise support and then they would most likely be informed by Ivanti.

cheers, Paul

Reply | Quote

New Ivanti Secure VPN Zero-Day Vulnerabilities and Patches

Most of the exposed VPN appliances are reported to be in the U.S., followed by Japan and Germany.

Five new zero-day vulnerabilities have been discovered this year in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide…

Ivanti Secure VPN vulnerabilities reported after Jan. 10, 2024: CVE-2024-21888, CVE-2024-21893, CVE-2024-22024

On Jan. 22, 2024, a new Ivanti security advisory was released: “As part of our ongoing investigation into the vulnerabilities reported on 10 January in Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered new vulnerabilities. These vulnerabilities impact all supported versions – Version 9.x and 22.x.”

The two new vulnerabilities, CVE-2024-21888 and CVE-2024-21893, allow an attacker to bypass authentication and access restricted resources on vulnerable devices and to elevate its privileges to those of an administrator. As reported by Mandiant, “Successful exploitation would bypass the initial mitigation provided by Ivanti on Jan. 10, 2024.”

On Feb. 8, 2024, another new vulnerability was reported by Ivanti; CVE-2024-22024 allows an attacker to access certain restricted resources without authentication. Ivanti maintains a knowledge base with all updates and reports that “the situation is still evolving.”..

Reply | Quote