National Cyber Security Centre

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

What has happened?

Ivanti has published an advisory detailing two vulnerabilities affecting Connect Secure and Policy Secure gateways.

Ivanti is aware that both vulnerabilities are being actively exploited.

CVE-2023-46805 - an authentication bypass vulnerability in the web component of ICS (9.x, 22.x) and IPS which allows a remote attacker to access restricted resources by bypassing control checks.

CVE-2024-21887 - a command injection vulnerability in web components of ICS (9.x, 22.x) and IPS which allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

If CVE-2024-21887 is used in conjunction with CVE-2023-46805, exploitation does not require authentication, and a threat actor can craft malicious requests and execute arbitrary commands on the system.

The NCSC will continue to monitor for any impact of these vulnerabilities on UK organisations.

Who is affected?

Organisations using Ivanti Connect Secure and Policy Secure gateways. 

What should I do?

The NCSC recommends following vendor best-practice advice to mitigate vulnerabilities. In this case, if you use Ivanti Connect Secure and Policy Secure gateways, you should take these priority actions: 

  1. Check for compromise using the detection steps and indicators of compromise (IoCs) detailed in the Ivanti KB article and the Volexity blog.
  2. If you believe you have been compromised and are in the UK, you should report it to the NCSC.
  3. Install the vendor temporary workaround.
  4. Monitor the Ivanti KB article and install the security update once it is available for your version.

NCSC guidance, services and tools

The NCSC provides a range of free guidance, services and tools that help to secure systems.

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/exploitation-ivanti-vulnerabilities

