Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

February 15, 2024 at 10:33AM

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple high- to critical-severity security issues. The flaws include authentication bypass, server-side request forgery, arbitrary command execution, and command injection. Despite available security updates, a large number of endpoints remain exposed to these vulnerabilities, increasing the risk of exploitation.

From the meeting notes, here are the key takeaways:

– Multiple Ivanti Connect Secure and Policy Secure endpoints are vulnerable to several critical security issues, including authentication bypass, server-side request forgery, arbitrary command execution, and command injection.
– The vulnerabilities have been exploited by nation-state actors and a broad range of threat actors.
– CVE-2024-22024 is an XXE vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateways, allowing unauthorized access to restricted resources.
– There are more than 3,900 Ivanti endpoints vulnerable to CVE-2024-22024, with a significant number in the United States.
– Vulnerabilities such as CVE-2024-21887 and CVE-2023-46805 have been exploited by threat actors, including Chinese hackers.
– A large number of Ivanti servers remain unpatched, with a global patching percentage as low as 21.1% for CVE-2024-22024.

The meeting notes underline the urgency of applying the available security updates or mitigations immediately, given the high risk that comes with remaining vulnerable for a prolonged period.