Ivanti has released critical security updates for its Cloud Services Application (CSA) and Connect Secure products to address multiple vulnerabilities, including an authentication bypass (CVE-2024-11639) with a CVSS score of 10.0, and several command and SQL injection flaws. These vulnerabilities could allow remote attackers to gain administrative access and execute arbitrary code. Users are urged to update to the latest versions to mitigate potential risks, although no active exploitation has been reported yet.
Ivanti has issued security updates to address 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, including two critical heap overflows that could allow remote attackers to execute arbitrary commands. The flaws, found in Avalanche's WLInfoRailService and WLAvalancheService components, could be exploited for remote code execution without user interaction. Ivanti also patched 25 medium and high-severity bugs that could lead to denial-of-service attacks, arbitrary command execution, and remote code execution. Customers are urged to update to the latest Avalanche 6.4.3 release to mitigate these security risks.
Ivanti has released an urgent fix for a critical remote code execution vulnerability (CVE-2023-41724) affecting Standalone Sentry, with a CVSS score of 9.6, urging customers to apply the patches immediately. The flaw impacts multiple versions and could allow unauthenticated threat actors to execute arbitrary commands on the underlying operating system. Ivanti has credited researchers for their collaboration on the issue and emphasized the importance of applying the fix. Additionally, a mutation cross-site scripting (mXSS) flaw impacting the open-source email client Mailspring has been revealed, which could be exploited to achieve code execution when a user interacts with a malicious email.
Ivanti has issued patches for critical vulnerabilities in its Standalone Sentry and Neurons for ITSM solutions, following reports from NATO Cyber Security Centre researchers. The flaws could allow unauthenticated attackers to execute arbitrary commands and pose a significant risk to organizations. While the company has not observed any active exploitation, it urges immediate patching to ensure protection. Additionally, nation-state actors have previously targeted Ivanti vulnerabilities, emphasizing the importance of prompt mitigation measures.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that hackers breached two of its systems in February through vulnerabilities in Ivanti products, prompting the agency to take the systems offline. The affected systems reportedly had critical ties to U.S. infrastructure, including the Infrastructure Protection Gateway and the Chemical Security Assessment Tool. While CISA has not confirmed whether these specific systems were taken offline, the breach highlights the importance of having an incident response plan in place to address cyber vulnerabilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) suffered a security breach in February when threat actors exploited Ivanti flaws to hack two crucial systems, the Infrastructure Protection Gateway and the Chemical Security Assessment Tool. The breached systems contained sensitive information related to security assessments of chemical facilities and were promptly taken offline. CISA had previously warned about vulnerabilities in Ivanti software, and while the agency stated that the breach did not impact its operations, the incident serves as a reminder of the importance of having an incident response plan in place.
Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, forcing CISA to take two systems offline. The compromised systems included the Infrastructure Protection Gateway and the Chemical Security Assessment Tool, which house critical information about U.S. infrastructure interdependency and sensitive industrial data. CISA has warned organizations about threat actors exploiting vulnerabilities in Ivanti products and has ordered federal agencies to disconnect and patch affected products. The incident highlights the ongoing cybersecurity risks faced by organizations and the importance of having robust incident response plans in place.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers may maintain root persistence on hacked Ivanti VPN gateways even after factory resets, evading detection by Ivanti's Integrity Checker Tool. Four vulnerabilities, ranging from high to critical severity, can be exploited for authentication bypass and arbitrary command execution. CISA advises federal agencies to assume compromised credentials, hunt for malicious activity, run Ivanti's updated scanner, and apply patching guidance. Despite Ivanti's assurances, CISA urges caution and warns that it may still not be safe to use previously compromised Ivanti Connect Secure and Ivanti Policy Secure devices even after cleaning and performing a factory reset.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers may maintain root persistence on hacked Ivanti VPN gateways even after factory resets, and can evade detection by Ivanti's Integrity Checker Tool. CISA advises federal agencies to assume compromised credentials, hunt for malicious activity, run Ivanti's updated scanner, and apply patching guidance. Despite Ivanti's assurances, CISA urges caution and warns that it may still not be safe to use previously compromised Ivanti Connect Secure and Ivanti Policy Secure devices.
The Cybersecurity and Infrastructure Security Agency (CISA) and its partners have issued a joint advisory warning that cyber threat actors are actively exploiting multiple vulnerabilities in Ivanti Connect Secure and Policy Secure gateways, allowing them to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. These vulnerabilities impact all supported versions and can enable threat actors to maintain root-level persistence despite factory resets. Organizations are urged to assume compromised credentials, hunt for malicious activity, run Ivanti’s external Integrity Checker Tool, apply patching guidance, and report potential compromises to relevant authorities. Additionally, the advisory provides technical details, indicators of compromise, detection methods, incident response recommendations, mitigations, and reporting instructions.
Ivanti has disclosed a fifth vulnerability affecting its gateways, but has not credited the third-party researchers who reported discovering it, causing confusion. The high-severity authentication bypass flaw affects only a limited set of supported versions and was discovered in-house, according to Ivanti. The company has been grappling with a series of vulnerabilities in its products, with attackers exploiting zero-days and developing workarounds for mitigations. The UK's NCSC has urged immediate patches for all five Ivanti vulnerabilities, while CISA has issued an emergency directive instructing federal agencies to disconnect the products entirely.
Ivanti has disclosed a high-severity security flaw, CVE-2024-22024, affecting its Connect Secure, Policy Secure, and ZTA gateway devices, allowing attackers to bypass authentication. The company has released patches for the affected versions and urges users to apply them promptly, emphasizing the importance of addressing multiple security weaknesses that have surfaced this year. While there is no evidence of active exploitation, users are advised to take swift action due to the potential for broad abuse of these vulnerabilities.
Ivanti has warned of a new authentication bypass vulnerability (CVE-2024-22024) affecting its Connect Secure, Policy Secure, and ZTA gateways, urging immediate patching. The flaw allows remote attackers to access restricted resources without user interaction or authentication. Threat monitoring shows over 20,000 Ivanti Connect Secure (ICS) VPN gateways exposed online, with Ivanti devices being heavily targeted in attacks. Security patches for the earlier vulnerabilities were released on January 31, and Ivanti advises customers to factory reset vulnerable appliances before patching to block attackers' persistence.
Federal civilian agencies have been ordered by the US Cybersecurity and Infrastructure Security Agency to disconnect all network connections to Ivanti VPN software due to three critical vulnerabilities, including two zero-days, that are being actively exploited by threat groups. The directive also includes steps for agencies to detect whether their Ivanti VPNs have been compromised and mandates a series of actions to be taken before bringing the products back online. Security firm Volexity reported that at least 2,200 customers of the affected products have been compromised, and the firm praised the directive as the best way to alleviate concerns about compromised devices.
Ivanti has warned of two new vulnerabilities affecting its Connect Secure, Policy Secure, and ZTA gateways, including a zero-day bug (CVE-2024-21893) being actively exploited, allowing attackers to bypass authentication and access restricted resources. Another flaw (CVE-2024-21888) enables threat actors to escalate privileges to those of an administrator. Patches and mitigation measures have been released, with over 460 compromised devices discovered on January 30 alone. The vulnerabilities have been exploited in widespread attacks targeting government, military, telecom, finance, and tech organizations, with custom malware strains deployed to steal credentials and drop additional malicious payloads.