Ivanti Connect Secure and Policy Secure endpoints have been left vulnerable to a series of security flaws, posing significant risks to organizations relying on these products for secure access and policy management.
In the latest report, there are five security flaws that hit Ivanti's servers.
Severity and Impact of the Flaws
Thousands of Ivanti gateways appear to be heavily exploited by threat actors. According to the latest report, it was on Jan. 10 when the vulnerability was disclosed as zero-day.
The vulnerabilities, including CVE-2024-22024, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, and CVE-2024-21888, range from high to critical severity.
We have added improvements to our Ivanti Connect Secure VPN scans to better detect unpatched versions vulnerable to CVE-2024-22024 (~3900 found) & CVE-2024-21887 (~ 1000 found). IP data shared in https://t.co/qxv0Gv5ELc
— Shadowserver (@Shadowserver) February 14, 2024
CVE-2024-22024 geo breakdown: https://t.co/nL8g8wSL50 pic.twitter.com/PuosKSfYhk
According to Bleeping Computer, they encompass authentication bypass, server-side request forgery, arbitrary command execution, and command injection issues, creating avenues for unauthorized access and malicious exploitation.
Related Article: Prudential Financial Confirms Hackers Stole Employee, Contractor Data in Recent Breach
Exploitation by Threat Actors
Some of these vulnerabilities have already been exploited by nation-state actors, underscoring the urgency of addressing these security gaps. Threat actors have been leveraging these flaws to compromise Ivanti endpoints, with potential repercussions for affected organizations.
Immediate Action Required
Of particular concern is CVE-2024-22024, an XML External Entity (XXE) vulnerability affecting the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateways. This flaw enables unauthorized access to restricted resources, posing a critical risk to sensitive data and network integrity.
Despite the lack of confirmed exploitation, scanning activities targeting CVE-2024-22024 have surged, signaling imminent threats. Organizations are urged to promptly apply available security updates or implement mitigations to safeguard their systems from potential exploitation.
Extent of Vulnerable Endpoints
Recent reports indicate a concerning number of Ivanti endpoints remaining susceptible to these security vulnerabilities. Thousands of endpoints have been identified as vulnerable, with notable concentrations in the United States, highlighting the global impact of these flaws.
Patch Adoption Challenges
Despite the availability of security updates, patch adoption rates remain suboptimal, leaving a significant portion of Ivanti servers exposed to exploitation. This highlights the challenges organizations face in implementing timely remediation measures, compounded by the rapid disclosure of vulnerabilities.
Heightened Risk and Prolonged Exposure
The accelerated disclosure timeline has left administrators with limited preparation time, exacerbating the risk of prolonged exposure to these vulnerabilities. Without expedited patching efforts, Ivanti systems are susceptible to exploitation, presenting threat actors with a wide array of potential targets.
To wrap it up, the critical security flaws affecting Ivanti Connect Secure and Policy Secure endpoints demand immediate attention and proactive measures to mitigate risks effectively. Organizations must prioritize patching and vigilance to defend against evolving cyber threats and safeguard their digital assets.
In another cybersecurity-related report, Goldfactory, a group of Chinese threat actors, is using deepfakes to deploy a banking trojan. The cybercriminals do this to steal the precious information of the victims.
Read Also: Expert: China on High Alert as India's Cybersecurity Threats Surge
