Ivanti warns of new Connect Secure zero-day exploited in attacks

January 31, 2024 at 08:48AM

Ivanti has warned of two vulnerabilities affecting Connect Secure, Policy Secure, and ZTA gateways. The first (CVE-2024-21893) is a zero-day server-side request forgery bug that lets an attacker bypass authentication and access restricted resources. The second (CVE-2024-21888) enables privilege escalation to administrator. Ivanti has released security patches and mitigation measures. Threat actors have exploited these vulnerabilities, affecting multiple organizations globally.

The key takeaways from the article are:

– Ivanti has issued warnings about two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, including a zero-day bug already under active exploitation.
– The zero-day flaw (CVE-2024-21893) is a server-side request forgery vulnerability in the gateways’ SAML component that allows attackers to bypass authentication and access restricted resources.
– Another flaw (CVE-2024-21888) in the gateways’ web component allows threat actors to escalate privileges to those of an administrator.
– Ivanti has released security patches to address both flaws and provides mitigation instructions for devices still waiting for a patch.
– Additionally, Ivanti has released patches for two other zero-days disclosed in early January, including an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887) that have been chained in widespread attacks since January 11.
– CISA has issued an emergency directive ordering federal agencies to immediately mitigate the zero-day flaws in response to mass exploitation by multiple threat actors.
– The victims of these attacks include government and military organizations worldwide, national telecom companies, defense contractors, banking, finance, and accounting organizations, as well as aerospace, aviation, and tech firms of various sizes, including Fortune 500 companies.
– Multiple cybersecurity firms have observed attackers deploying custom malware strains, cryptocurrency miners, and other malicious payloads in these extensive attacks.

These takeaways highlight the urgency and severity of the situation, emphasizing the need for immediate action to ensure the protection of affected systems and organizations.