Software company Ivanti has recently raised the alarm about two new vulnerabilities affecting its Connect Secure, Policy Secure and ZTA gateways. Read on to learn more.
The first of these vulnerabilities, tagged as CVE-2024-21893, is a zero-day flaw that is being actively exploited. It is a server-side request forgery (SSRF) issue in the SAML component of the gateways that allows attackers to sidestep authentication and gain access to restricted areas on the affected devices. The second vulnerability, CVE-2024-21888, is in the gateways’ web component and allows attackers to escalate their privileges to administrator level.
Ivanti has also rolled out patches for two previously disclosed zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) that have been weaponized in attacks since January 11 to deploy malware on vulnerable devices. On January 30 alone, over 460 compromised Ivanti VPN devices were discovered. In response to the widespread exploitation of these vulnerabilities, the United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive (ED 24-01).
These attacks have victimized a wide range of organizations, from government and military entities to companies in the banking, finance, telecommunications, aerospace and technology sectors, including Fortune 500 companies.
Nuspire is proactively applying patches as per vendor recommendations and conducting threat hunting in client environments to detect any signs of compromise.
If your organization uses Ivanti Connect Secure, Policy Secure and/or ZTA gateways, you should take the following actions:
The exploitation of these vulnerabilities highlights the importance of maintaining up-to-date security measures and promptly addressing identified vulnerabilities. By taking these steps, organizations can better safeguard their systems and data from potential threats.