Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns

January 31, 2024 at 10:49AM

Ivanti has released the first round of patches for Connect Secure and Policy Secure gateways, addressing two zero-day vulnerabilities. Admins are advised to apply the patches and factory-reset devices as a precaution. This comes after delayed releases and growing exploitation. Customers should monitor and apply mitigations as patches continue to be developed.

Key takeaways:

1. Ivanti has released the first round of patches for the vulnerabilities in Connect Secure and Policy Secure gateways, but has discovered two additional zero-day vulnerabilities, one of which is under active exploitation.
2. Patches are available for specific versions, and admins are advised to factory-reset their devices before applying the patch to prevent attacker persistence.
3. Security researchers disclosed the zero-day exploits and highlighted how easily remote unauthenticated attackers can achieve code execution.
4. CISA has reported that some sophisticated attackers bypassed Ivanti’s mitigation and have been exploiting weaknesses, moving laterally, and escalating privileges without detection.
5. Ivanti has updated its mitigation to address the vulnerabilities, but CISA advises organizations to continue proactively hunting for threats and to monitor account authentication, usage, and identity management services.
6. Two additional high-severity vulnerabilities affecting all supported versions of Connect Secure, Policy Secure, and ZTA gateways have been discovered, and Ivanti has released patches with comprehensive fixes.
7. Customers are strongly encouraged to apply the patches as they become available and to run both the internal and external integrity checker tools.
