WARNING: IVANTI RELEASES SECURITY UPDATES TO ADDRESS VULNERABILITIES IMPACTING IVANTI CONNECT SECURE AND IVANTI POLICY SECURE GATEWAYS, PATCH IMMEDIATELY!

Reference: Advisory #2024-48
Version: 1.0
Affected software: Ivanti Connect Secure (9.x, 22.x); Ivanti Policy Secure
Type: Heap Overflow & Null Pointer Dereference & XML Entity Expansion
CVE/CVSS: 

CVE-2024-21894
CVSS 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)

CVE-2024-22053
CVSS 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)

CVE-2024-22052
CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVE-2024-22023
CVSS 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Risks

Ivanti has released security updates to address four vulnerabilities impacting Connect Secure and Policy Secure Gateways that could result in denial-of-service (DoS) and remote code execution (RCE).
CVE-2024-21894 is a heap overflow vulnerability. An unauthenticated malicious user could exploit it to launch denial-of-service (DoS) attacks and, in certain conditions, execute arbitrary code.
CVE-2024-22052 could allow an unauthenticated attacker to send specially crafted requests that crash the service, leading to a DoS attack.
Successful exploitation of CVE-2024-22053 could allow an unauthenticated attacker to launch DoS attacks or, in certain conditions, read contents from memory.
CVE-2024-22023 is an XML entity expansion vulnerability that allows a malicious attacker to send specially crafted XML requests in order to temporarily exhaust resources, resulting in a limited-time DoS condition.
All of the mentioned vulnerabilities pose a significant threat to availability.
There is no information available yet about these vulnerabilities being exploited in the wild by threat actors.

Description

Three of the disclosed vulnerabilities (CVE-2024-21894, CVE-2024-22052 and CVE-2024-22053) are related to memory mismanagement within the IPsec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure. Malicious attackers could exploit these vulnerabilities to launch DoS attacks or, in certain conditions, execute arbitrary code.

CVE-2024-22023 is a vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Policy Secure Gateway. Successful exploitation of this vulnerability could allow an unauthenticated user to temporarily exhaust resources, leading to a limited-time DoS.
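
The vulnerability class named for CVE-2024-22023 can be illustrated with a generic pre-parse check. This is an added example, not code from Ivanti or from this advisory, and it is no substitute for the vendor patch. It computes how large each declared XML entity would become without ever expanding it; the function names, the size budget and the sample document are assumptions constructed for illustration.

```python
import re

# Internal general-entity declarations only: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.-]+);')

def expanded_sizes(xml_text):
    """Map each declared entity to its fully expanded length, computed
    arithmetically so nothing is ever expanded in memory."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls.setdefault(m.group(1), m.group(3))  # first declaration wins
    sizes = {}

    def size(name, stack):
        if name in stack:
            raise ValueError("recursive entity reference: " + name)
        if name not in sizes:
            value = decls[name]
            total = len(ENTITY_REF.sub("", value))  # literal characters
            for ref in ENTITY_REF.findall(value):
                # Undeclared or predefined references count as one character.
                total += size(ref, stack | {name}) if ref in decls else 1
            sizes[name] = total
        return sizes[name]

    for name in decls:
        size(name, frozenset())
    return sizes

def check_xml(xml_text, max_expanded=100):
    """Return (ok, reason) for a message before it reaches a real XML parser."""
    try:
        worst = max(expanded_sizes(xml_text).values(), default=0)
    except ValueError as exc:
        return False, str(exc)
    if worst > max_expanded:
        return False, "entity expands to %d characters" % worst
    return True, "ok"

# Constructed sample: three small declarations, each referencing the previous one.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY a "0123456789">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
]>
<samlp:AuthnRequest ID="_constructed">&c;</samlp:AuthnRequest>"""

if __name__ == "__main__":
    print(expanded_sizes(SAMPLE), check_xml(SAMPLE))
```

Each nesting level multiplies the expanded size, which is why a short request can consume disproportionate resources. SAML messages have no need for a DTD, so a stricter policy is to refuse any message containing a DOCTYPE declaration.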

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
