01.18.2024

Ivanti Secure Connect – Zero Day Authentication Bypass & Command Injection

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 01/18/2024

Action Level - High

Description

MCNC would like to alert you regarding a vulnerability affecting the Ivanti Secure Connect service. A recent Zero-Day exploit has been impacting Ivanti Secure Connect servers.The first security flaw, CVE-2023-46805, is an authentication bypass in the appliances' web component enabling attackers to access restricted resources by circumventing control checks. CVE-2024-21887 is a command injection vulnerability that lets authenticated admins execute arbitrary commands on vulnerable appliances by sending specially crafted requests.

Ivanti says that they have started to see active exploitation of these vulnerabilities in the wild and are actively tracking the ongoing situation.

Fixed Versions

There are currently no available fixes for the vulnerability. Ivanti has said that the first wave of patches will be available January 22nd and that another wave of patches will be released February 19th.

Attack Vector

Ivanti Connect Secure VPN and IPS network access control (NAC) appliances

Attack Feasibility 

No exploit scripts were found online but a python script that finds the two CVEs mentioned above has now been made available on github.

Mitigation/Remediation

Immediately update Ivanti Connect Secure to a fixed/secure version once the patch has been made available.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC