January 10, 2024 at 01:59PM
Ivanti has disclosed two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure products. The CVE-2023-46805 flaw bypasses authentication, while CVE-2024-21887 allows arbitrary command execution. Chaining the two enables attackers to run commands without authentication. Ivanti is working on patches, with a mitigation available until then. The company reports limited instances of exploitation and advises immediate action for protection.
The disclosure concerns a significant security issue for Ivanti: two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure products. Tracked as CVE-2023-46805 and CVE-2024-21887, they allow attackers to bypass authentication controls and execute arbitrary commands, potentially impacting all supported versions of the affected products.
Ivanti has reported that these zero-days have already been exploited in the wild, affecting a small number of customers. The company is taking steps to address the issue by providing a staggered release of patches, with the first version expected to be available to customers the week of 22 January and the final version the week of 19 February. In the meantime, customers can mitigate the zero-days by importing a specific mitigation file offered through Ivanti’s download portal.
Additionally, there have been concerns raised about the exposure of over 15,000 Connect Secure and Policy Secure gateways online, as reported by Shodan. Security expert Kevin Beaumont has also warned about the exploitation of these zero-days, highlighting the potential for MFA bypass and code execution.
Furthermore, recent history suggests a pattern of vulnerabilities in Ivanti’s products, as evidenced by the previous instances of zero-day exploitation in the company’s Endpoint Management software and other products.
In summary, Ivanti is currently facing a critical security situation, and it is important for the company to swiftly address the vulnerabilities and provide necessary patches to ensure the protection of its customers’ IT assets and systems.