National Cyber Security Centre
Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure
Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.
What has happened?
Ivanti has published an advisory detailing two vulnerabilities affecting Connect Secure and Policy Secure gateways.
Ivanti is aware that both vulnerabilities are being actively exploited.
CVE-2023-46805 − an authentication bypass vulnerability in the web component of ICS (9.x, 22.x) and IPS which allows a remote attacker to access restricted resources by bypassing control checks.
CVE-2024-21887 − a command injection vulnerability in web components of ICS (9.x, 22.x) and IPS which allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
If CVE-2024-21887 is used in conjunction with CVE-2023-46805, exploitation does not require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system.
The NCSC will continue to monitor for any impact of these vulnerabilities on UK organisations.
Who is affected?
Organisations using Ivanti Connect Secure and Policy Secure gateways.
What should I do?
The NCSC recommends following vendor best-practice advice to mitigate vulnerabilities. In this case, if you use Ivanti Connect Secure or Policy Secure gateways, you should take these priority actions:
- Check for compromise using the detection steps and indicators of compromise (IoCs) detailed in the Ivanti KB article and the Volexity blog.
- If you believe you have been compromised and are in the UK, you should report it to the NCSC.
- Install the vendor temporary workaround.
- Monitor the Ivanti KB article and install the security update once it is available for your version.
NCSC guidance, services and tools
The NCSC provides a range of free guidance, services and tools that help to secure systems.
- Follow NCSC guidance including preventing lateral movement.
- Sign up to the free NCSC Early Warning service to receive notifications of potential cyber attacks on your network. If you are an Early Warning user already, please check your MyNCSC portal.
- UK central government departments can take advantage of the NCSC's Host Based Capability.
- The NCSC's Vulnerability Disclosure Toolkit helps organisations of all sizes with the essential components of implementing a vulnerability disclosure process.
Original article link: https://www.ncsc.gov.uk/news/exploitation-ivanti-vulnerabilities