- 37/2024
- High
Ivanti has released security updates to fix two vulnerabilities one of them is zeroday across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA gateways.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, gain elevated privileges, and gain access to the affected systems.
The addressed vulnerabilities:
1. Ivanti Connect Secure and Ivanti Policy Privilege Escalation Vulnerability (CVE-2024-21888):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Ivanti Connect Secure and Ivanti Policy Server-Side Request Forgery Vulnerability (CVE-2024-21893):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
It should be highlighted that Ivanti is aware that the zero-day vulnerability (CVE- 2024-21893) is actively exploited in the wild by many threat actors to deploy their malware. Additionally, Ivanti released patches today for two other zero-days (CVE- 2023-46805, CVE-2024-21887) sent before “Alert 10/2024 – 11 January 2024“ with mitigation measures to block attack attempts and recovery instructions designed to help restore compromised devices and bring them back online.
Vulnerabilities
- CVE-2024-21888
- CVE-2024-21893
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.