April 3, 2024 at 01:31PM
Ivanti, an IT security software company, has released patches for multiple high-severity security vulnerabilities in its Connect Secure and Policy Secure gateways. Attackers can exploit these flaws for remote code execution and DoS attacks. The U.S. CISA has issued an emergency directive to secure Ivanti systems following zero-day attacks. Thousands of Ivanti endpoints remain at risk.
Key takeaways:
– Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways, including high-severity flaws such as CVE-2024-21894, which can lead to remote code execution and denial of service.
– The vulnerabilities affect the IPSec and SAML components of the affected gateway versions.
– Shodan and Shadowserver track thousands of Ivanti Connect Secure VPN gateways exposed online, posing a significant risk.
– Nation-state actors have exploited vulnerabilities in Ivanti software, including zero-day flaws (e.g., CVE-2023-46805, CVE-2024-21887), leading to widespread attacks and the spread of custom malware.
– In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to federal agencies, requiring them to secure Ivanti systems against attacks using zero-day flaws, disconnect vulnerable Ivanti VPN appliances, and rebuild them with patched software before bringing them back online.
– Suspected Chinese threat groups exploited a Connect Secure zero-day (CVE-2021-22893) three years ago, breaching government, defense, and financial organizations in the United States and Europe.