Ivanti, the maker of identity, access, and automation solutions, announced essential security patches for Connect Secure, Policy Secure, and Zero Trust Access gateways, covering a list of critical vulnerabilities under active exploitation.
Ivanti has released critical security patches for Connect Secure, Policy Secure, and Zero Trust Access (ZTA) gateways to patch a number of vulnerabilities the company believes are being actively exploited in the wild. Users are urged to patch now.
Multiple Vulnerabilities
The patches resolve several key vulnerabilities:
CVE-2024-22024: This is an XXE vulnerability within the SAML component that lets unauthenticated attackers access restricted resources. Ivanti has observed some scanning activity for this flaw with peaks of 240,000 requests, suggesting possible exploitation attempts.
CVE-2024-21893: A server-side request forgery (SSRF) vulnerability in the SAML component enables attackers to bypass authentication and access restricted resources. This flaw has been actively exploited, with reports of attackers leveraging it to gain unauthorized access to systems.
CVE-2024-21888: Privilege escalation vulnerability in the web component, which allows users to elevate privileges to that of an administrator. No evidence of active exploitation has been found, but Ivanti recommends patching as soon as possible.
Impact and Recommendations
More than 13,000 Ivanti gateways remain vulnerable, with a significant number being located in the United States. The flaws have been exploited by multiple threat actors, including nation-state groups, to deploy malware, steal credentials, and establish persistent access within networks.
Ivanti has released patches for the affected versions and provided mitigation instructions for devices pending updates. Administrators are advised to:
Apply patches now: Update all Ivanti Connect Secure, Policy Secure, and ZTA gateways to the latest versions.
Implement mitigations: For those devices that will not receive a patch, implement the recommended mitigations to block potential attack vectors.
Conduct security audits: Perform thorough assessments to detect any signs of compromise and ensure the integrity of systems.
Monitor network traffic: Keep an eye on unusual activities that may indicate exploitation attempts.
Given the active exploitation of these vulnerabilities, immediate action is required to protect organizational networks from potential breaches.
