ADVISORY!
TLP : CLEAR
Date : 11/01/2024
REF NO : CERT /2024/01/05
Vulnerabilities in Ivanti gateways actively exploited
Severity Level: High
Components Affected
Ivanti gateway
Overview
Allow for authentication bypass and remote command execution
Description
Ivanti has released an advisory for two vulnerabilities affecting Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways.The vulnerabilities, tracked as CVE-2023-46805 (high severity) and CVE-2024-21887 (critical severity) allow for authentication bypass and remote command execution. These could give a remote attacker full control of an affected device.
Impact
Allows an attacker to circumvent authentication checks.
Solution/ Workarounds
There is currently no patch available.Patches will be released in a staggered schedule, with the first version expected to be available to customers the week of 22 January 2024, and the final version expected to be available the week of 19 February 2024, please follow the vendor’s advisory blog. For existing users of these services Ivanti has provided a mitigation and instructions on how to apply it in their customer advice.Until patches are available, Ivanti recommends actively monitoring your devices for malicious activity.
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
