What has happened?

Ivanti has published an advisory detailing two vulnerabilities affecting Connect Secure and Policy Secure gateways.

Ivanti is aware that both vulnerabilities are being actively exploited.

CVE-2023-46805 - an authentication bypass vulnerability in the web component of ICS (9.x, 22.x) and IPS which allows a remote attacker to access restricted resources by bypassing control checks.

CVE-2024-21887 - a command injection vulnerability in web components of ICS (9.x, 22.x) and IPS which allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

If CVE-2024-21887 is used in conjunction with CVE-2023-46805, exploitation doesn't require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system.

The NCSC will continue to monitor for any impact of these vulnerabilities on UK organisations.

Who is affected?