Published: January 16, 2024
Overview
Two vulnerabilities have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, and Ivanti Policy Secure gateways. They are identified as CVE-2023-46805 (CVSS 8.2 – High) and CVE-2024-21887 (CVSS 9.1 – Critical).
Impact
These vulnerabilities allow attackers to bypass authentication control checks, gaining access to restricted resources (CVE-2023-46805), and to send commands to the device (CVE-2024-21887). Exploitation could result in data theft, file tampering, and other malicious activity.
Applicable Versions
| Affected Version | Updated Version |
|---|---|
| Version 9.x and 22.x | Update to latest patches. |
Mitigations and Workarounds
Ensure that the application version is not End of Life (EOL). Pulse Secure will apply fixes for product security vulnerabilities to all software releases that have not surpassed the End of Engineering (EOE) or End of Life (EOL) milestones.
Best Practices
Verify that the application version is still supported by Ivanti. If it is not, upgrade to a supported version and then apply the available fixes.
Netsurion Detection and Response
Netsurion researchers are continuously monitoring exploitation of these vulnerabilities. Netsurion’s vulnerability management system will detect CVE-2023-46805 and CVE-2024-21887 for customers who have subscribed to Netsurion Vulnerability Management.
References:
- https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
- https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
- https://forums.ivanti.com/s/article/KB43892?language=en_US
- https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways