This advisory is for organizations that use Ivanti Connect Secure as a VPN solution or Ivanti Policy Secure as a network access control solution. If your organization does not use Ivanti products, this notification may be discarded.
Ivanti has released Security Advisories and made mitigation strategies available to address an authentication bypass and command injection vulnerabilities on targeted gateways. These attacks may be chained to allow an unauthenticated remote user to obtain administrative access and run arbitrary commands on affected platforms.
These vulnerabilities are being actively exploited.
This is an authentication bypass vulnerability that can circumvent MFA controls in the web component of Ivanti Connect Secure and Ivanti Policy Secure which would allow an attacker to bypass control checks and obtain authenticated access.
CVE-2024-21887 – Command injection vulnerability
Would allow an attacker to send privileged requests and execute arbitrary commands on Ivanti Connect Secure and Ivanti Policy Secure.
Ivanti Connect Secure v. 9.x, 22.x
Ivanti Policy Secure
Though a patch has not yet been released, Ivanti has provided mitigation strategies. Ivanti warns that these mitigations will result in product service degradation.
“We have seen evidence of threat actors attempting to manipulate Ivanti’s internal integrity checker (ICT). Out of an abundance of caution, we are recommending that all customers run the external ICT. We have added new functionality to the external ICT that will be incorporated into the internal ICT in the future. We regularly provide updates to the external and internal ICT, so customers should always ensure they are running the latest version of each.”