Threat Alert: CVE-2023-46805 and CVE-2024-21887
Ivanti Connect Secure and Ivanti Policy Secure
Attention Ivanti Connect Secure and Ivanti Policy Secure users. Be advised that two vulnerabilities (CVE-2023-46805 and CVE-2024-21887) have been identified in your gateways. CVE-2023-46805 is an authentication bypass vulnerability that could allow a remote attacker to access restricted resources by bypassing control checks. Likewise, CVE-2024-21887 is a critical command injection vulnerability that could allow an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. It is crucial to take immediate action!
Security firm Volexity recently published a blog post reporting that it has observed exploitation in the wild. Moreover, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a bulletin urging Ivanti Connect Secure and Ivanti Policy Secure users to mitigate the two vulnerabilities immediately. Please note that all supported versions (9.x and 22.x) of Ivanti Connect Secure and Ivanti Policy Secure are vulnerable to CVE-2023-46805 and CVE-2024-21887. Therefore, it is highly recommended to apply the vendor-provided workaround immediately to ensure that your systems are protected. Ivanti’s KB article has information on expected patch availability, so be sure to monitor it for updates.
What does this mean for Quadrant customers? Our diligent team of threat analysts has identified Indicators of Compromise (IOCs) and integrated them into our robust Bluedot Threat Intelligence database, initiating immediate detection for these IOCs within your environment. Our threat detection team is also writing custom detections as new IOCs are identified.
If you are a Quadrant customer and are currently utilizing the affected Ivanti products, please contact our Security Operations Center (SOC) for assistance.
Apply the vendor-provided workaround immediately.