You can now find Cyber Kendra on Google News!

Two New Zero-Day Flaws Disclosed in Ivanti Products, One Under Active Exploitation

ivanti zero-day vulnerability

Ivanti, a leading provider of cybersecurity software, has disclosed two new high-severity vulnerabilities affecting its Connect Secure and Policy Secure products. One of the flaws tracked as CVE-2024-21893 is reported to be under active exploitation in the wild.

The vulnerabilities are as follows:

  • CVE-2024-21888 - A privilege escalation flaw in the web interface of Ivanti Connect Secure (versions 9.x, 22.x) and Ivanti Policy Secure (versions 9.x, 22.x) that could allow an attacker to gain administrator privileges. It has a severity score of 8.8 out of 10 on the CVSS scale.
  • CVE-2024-21893 - A server-side request forgery issue in the SAML authentication component of Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for Zero Trust Access. The flaw carries a CVSS score of 8.2 and allows unauthorized access to restricted resources.

While Ivanti found no evidence of CVE-2024-21888 exploitation in the wild so far, the company acknowledged that CVE-2024-21893 has been under targeted attacks. Ivanti stated that it is "aware of a small number of customers have been impacted" and expects the attacks to increase after public disclosure.

In response, Ivanti has released security patches for the affected products, covering Connect Secure versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1, and ZTA version 22.6R1.3. As a best practice, a full factory reset is recommended before applying patches to prevent threat actors from maintaining persistence.

The two flaws add to the list of vulnerabilities in Ivanti products that have been actively exploited in recent months. Two other issues, CVE-2023-46805 and CVE-2024-21887, have enabled attackers to deploy backdoors, cryptocurrency miners and malware like the KrustyLoader trojan.

US Cybersecurity and Infrastructure Security Agency (CISA) has also urged organizations to update the vulnerable system and follow updated guidelines shared by Ivanti. 

For now, Ivanti has provided workarounds to address CVE-2024-21888 and CVE-2024-21893 through an XML file that can be imported into vulnerable systems. 

Given the critical nature of these vulnerabilities and the active exploitation observed, users of Ivanti's Connect Secure and Policy Secure products are urged to take immediate action. Applying the provided patches and following the recommended mitigation strategies will help safeguard against potential exploits and ensure the integrity of enterprise networks.

The repeated discoveries of flaws being exploited in the wild highlight the importance of promptly patching vulnerable applications and network devices. Software providers also need to implement secure development practices and subject their code to thorough security testing before release.

With threat actors constantly honing their skills and developing advanced techniques, organizations must have robust mechanisms in place to monitor for intrusions and quickly respond to security incidents. Implementing the principle of least privilege and zero trust access can limit damage from compromises.

Post a Comment