Ivanti Vulnerability

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

In one analyzed incident, attackers used these vulnerabilities to gain extensive access to internal systems and networks. They modified files to log keystrokes and steal credentials, enabling them to perform actions like data theft and deploying a custom web shell for persistent access. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities catalog. Federal agencies are advised to apply the fixes by January 31, 2024.

Organizations are advised to regularly update systems, conduct security audits, and implement strong network monitoring to protect against such threats, especially for critical devices like VPN appliances and firewalls.

Affected Systems

Affected Versions

All currently supported versions (9.x and 22.x) that have not had the vendor's mitigation applied are vulnerable. It is unknown whether unsupported versions 8.x and below are also vulnerable.

Product | Affected Versions
Ivanti Policy Secure | All 9.x and 22.x versions
Ivanti Connect Secure | All 9.x and 22.x versions

IoCs

-

Recommended Solution(s)

-

Mitigations

Temporary Solution

CVE-2023-46805 and CVE-2024-21887 can be mitigated by importing the mitigation.release.20240107.1.xml file via the download portal.

Ivanti is now providing mitigation while the patch is under development to prioritise the interests of its customers.

Ivanti has created a mitigation to be applied to gateways.

CVE / CWE

CVE-2024-21887

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.