Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

January 31, 2024 at 12:38PM

Ivanti has flagged two high-severity vulnerabilities in its Connect Secure and Policy Secure products. CVE-2024-21888 allows privilege escalation, while CVE-2024-21893 allows server-side request forgery. There is no evidence of customers being impacted by CVE-2024-21888, but CVE-2024-21893 is under targeted exploitation. Ivanti has released fixes and recommends a factory reset before patching. Temporary workarounds are also suggested. Two other flaws in the product are being exploited, and CISA has issued a fresh advisory.

Key takeaways:

1. Ivanti has identified two high-severity vulnerabilities in its Connect Secure and Policy Secure products:
– CVE-2024-21888: A privilege escalation vulnerability
– CVE-2024-21893: A server-side request forgery vulnerability in the SAML component

Ivanti has found evidence of targeted exploitation of CVE-2024-21893 and expects a sharp increase in exploitation once the information is public.

Ivanti has released fixes for the vulnerabilities in certain versions of Connect Secure, as well as a temporary workaround that is applied by importing a specific file.

Additionally, two other flaws in the same product (CVE-2023-46805 and CVE-2024-21887) have come under broad exploitation by threat actors.

2. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about adversaries leveraging the vulnerabilities to capture credentials and compromise enterprise networks.

3. Ivanti recommends that customers factory reset their appliance before applying the patch, as a best practice, to prevent threat actors from gaining upgrade persistence in their environment. The company says the reset process will take 3-4 hours.

4. Customers are advised to follow Ivanti’s recommended temporary workarounds for CVE-2024-21888 and CVE-2024-21893, and to stay updated with the latest developments from Ivanti to apply fixes and prevent potential exploitation.
