Warning issued to admins of Ivanti Connect Secure and Policy Secure gateways

Share post:

IT administrators with Ivanti’s  Connect Secure/Pulse Secure VPNs and Policy Secure gateways are urged to install mitigations immediately.

The mitigations are to temporarily deal with two vulnerabilities (CVE-2023-46805, an authentication bypass and CVE-2024-21887, a command injection) that impact all supported versions of these products.

If they are chained together, “exploitation does not require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system,” the company said.

“It is critical that you immediately take action to ensure you are fully protected,” the company said in an advisory.

Patches will be released in a staggered schedule, with the first version targeted to be available to customers the week of Jan. 22, with the final version targeted to be available the week of Feb. 19. Until then, the mitigations will have to do.

The vulnerabilities were discovered by researchers at Volexity, who in December detected suspicious lateral movement on the network of one of its network security monitoring service customers. An attacker was placing webshells on the customer’s internal and external-facing web servers. Investigating further, Veloxity found that logs on the customer’s Ivanti Connect Secure VPN had been wiped and logging had been disabled. It then discovered two different zero-day exploits which were being chained together to achieve unauthenticated remote code execution.

“When combined, these two vulnerabilities make it trivial for attackers to run commands on the system,” Volexity says in its report. “In this particular incident, the attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the … VPN appliance.”

Among other things, the attacker modified legitimate Connect Secure components and made changes to the system to evade the the VPN’s Integrity Checker Tool.

“As organizations continue to improve and harden their defense, attackers are continually looking for ways to bypass them,” the Volexity report says. “Internet-accessible systems, especially critical devices like VPN appliances and firewalls, have once again become a favorite target of attackers. These systems often sit on critical parts of the network, cannot run traditional security software, and typically sit at the perfect place for an attacker to operate.

“Organizations need to make sure they have a strategy in place to be able to monitor activity from these devices and quickly respond if something unexpected occurs.”

The post Warning issued to admins of Ivanti Connect Secure and Policy Secure gateways first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways