Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient

March 1, 2024
Eight government agencies from the Five Eyes countries (Australia, Canada, New Zealand, the UK, and the US) issued an urgent warning on February 29 about the active exploitation of Ivanti product vulnerabilities.

Specifically, the joint advisory assessed that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways.

The vulnerabilities identified as actively exploited by threat actors are the following:

  • CVE-2023-46805
  • CVE-2024-21887
  • CVE-2024-21893

These vulnerabilities impact all supported versions (9.x and 22.x) of Ivanti gateways.

Their severity ratings range from high to critical. They can be used in a chain of exploits to enable malicious cyber threat actors to bypass authentication, craft malicious requests and execute arbitrary commands with elevated privileges.

These are three of five vulnerabilities discovered in Ivanti’s products since January 2024.

Ivanti Compromise Detection Tools Fail

In their joint advisory, the Five Eyes agencies also note that cyber threat actors can deceive Ivanti’s internal and external Integrity Checker Tool (ICT), resulting in a failure to detect compromise.

“During multiple incident response engagements associated with this activity, CISA identified that Ivanti’s internal and previous external ICT failed to detect compromise.

“In addition, CISA has conducted independent research in a lab environment validating that the Ivanti ICT is not sufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets,” reads the advisory.
