Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure
Ivanti has published an advisory detailing two vulnerabilities affecting Connect Secure and Policy Secure gateways.
Ivanti is aware that both vulnerabilities are being actively exploited.
CVE-2023-46805 - an authentication bypass vulnerability in the web component of Ivanti Connect Secure (ICS) (9.x, 22.x) and Ivanti Policy Secure (IPS) which allows a remote attacker to access restricted resources by bypassing control checks.
CVE-2024-21887 - a command injection vulnerability in web components of ICS (9.x, 22.x) and IPS which allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
If CVE-2024-21887 is used in conjunction with CVE-2023-46805, exploitation doesn’t require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system.
Check for compromise using the detection steps and indicators of compromise (IoCs) detailed in the Ivanti KB article and the Volexity blog.
Monitor the Ivanti KB article and install the security update once it is available for your version.
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.