Analytics Story: Ivanti Connect Secure VPN Vulnerabilities

Description

The following analytic story addresses critical vulnerabilities CVE-2023-46805 and CVE-2024-21887 in Ivanti Connect Secure and Ivanti Policy Secure Gateways. CVE-2023-46805 is an authentication bypass vulnerability, while CVE-2024-21887 is a command injection flaw, both presenting significant risks in versions 9.x and 22.x. Combined, these vulnerabilities enable unauthenticated threat actors to execute arbitrary commands, compromising system integrity. Immediate mitigation is imperative, with patches scheduled for staggered release. Ivanti has provided interim mitigation steps, and it's crucial for customers to apply these measures to protect their systems against potential exploits.

Why it matters

Ivanti Connect Secure and Ivanti Policy Secure gateways face a severe security challenge with the discovery of CVE-2023-46805 and CVE-2024-21887. CVE-2023-46805 allows attackers to bypass authentication in critical web components of versions 9.x and 22.x. More alarmingly, when paired with CVE-2024-21887, a command injection vulnerability, it enables remote attackers to execute arbitrary commands without authentication. This combination poses a heightened threat, undermining the security of enterprise networks. Ivanti has mobilized resources to address these vulnerabilities, offering immediate mitigation advice and scheduling patch releases. Customers are urged to apply these mitigations without delay to safeguard their networks.

Detections

| Name | Technique | Type |
| --- | --- | --- |
| Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint | Exploit Public-Facing Application | TTP |
| Ivanti Connect Secure Command Injection Attempts | Exploit Public-Facing Application | TTP |
| Ivanti Connect Secure SSRF in SAML Component | Exploit Public-Facing Application | TTP |
| Ivanti Connect Secure System Information Access via Auth Bypass | Exploit Public-Facing Application | Anomaly |

Data Sources

| Name | Platform | Sourcetype | Source |
| --- | --- | --- | --- |
| Suricata | N/A | suricata | suricata |

Source: GitHub | Version: 1