Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893)

Description

What is the Vulnerability? On Jan 10, 2024, Ivanti published an advisory on two vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and a command injection vulnerability, respectively, in the web component of the affected application. According to the vendor advisory, exploiting these vulnerabilities when chained together may allow attackers to run commands without the need for authentication on the compromised system. Both vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog.
What is the Vendor Solution? At the time of posting, there is no patch available; Ivanti has released workarounds, as the two new vulnerabilities are actively being exploited in the wild. FortiGuard Labs strongly recommends that users apply patches as soon as they are made available and track the vendor advisory for any updates. [ Link ]
What FortiGuard Coverage is available? FortiGuard Labs has released an IPS signature "Ivanti.Connect.Secure.Policy.Secure.Authentication.Bypassprotection" for CVE-2023-46805. Please refer to the Outbreak Alert for more information and the latest developments [ Outbreak Alert ].

Appendix

Ivanti (Advisory and Mitigation)