Today, January 10th, 2024, Ivanti disclosed two serious vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure products.
The first issue, CVE-2023-46805, allows attackers to bypass authentication controls to access restricted resources without authentication. This vulnerability has a CVSS score of 8.2 out of 10, indicating a high degree of impact.
The second issue, CVE-2024-21887, allows attackers to inject arbitrary commands to be executed on the affected device. Attackers must be authenticated to exploit this vulnerability, but attackers may be able to use the authentication bypass vulnerability above to achieve this. This vulnerability has a CVSS score of 9.1 out of 10, indicating a critical vulnerability.
The vendor reports that there are indications that these vulnerabilities have been exploited in the wild.
What is the impact? #
Upon successful exploitation of these vulnerabilities, attackers can execute arbitrary commands on the vulnerable system. This includes the creation of new users, installation of additional modules or code, and, in general, system compromise.
Are updates or workarounds available? #
Ivanti has released an update to mitigate this issue. Users are urged to update as quickly as possible.
How do I find potentially vulnerable Ivanti devices with runZero? #
From the Services Inventory, use the following query to locate assets running the vulnerable products in your network that expose a web interface and which may need remediation or mitigation:
_asset.protocol:http AND protocol:http AND http.body:"welcome.cgi?p=logo"
Additional fingerprinting research is ongoing, and additional queries will be published as soon as possible.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
