Patch Now: Ivanti Fixes Critical Vulns, New Zero-Day Emerges

Ivanti has released a suite of patches for vulnerabilities in its Connect Secure (ICS) and Policy Secure (IPS) gateways. Concurrently, the company has identified two new zero-day vulnerabilities, one of which is being actively exploited.

This announcement comes in the wake of Ivanti’s disclosure about the delay in releasing the initial batch of patches, which were expected last week. The patches are now available for versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, and the ZTA version 22.6R1.3.

Administrators are advised to reset their devices to factory settings before installing the patch to mitigate the risk of attacks during the update process, which could take up to four hours.

The vulnerabilities, identified as CVE-2023-46805 (CVSS: 8.2) and CVE-2024-21887 (CVSS: 9.1) and disclosed in mid-January, allow unauthorized attackers to remotely execute code.

Initially, ten victims were reported, but the number of affected parties has since rapidly increased. The patches, intended for release as soon as possible, were ultimately made available on January 31.

In light of these threats, the United States Cybersecurity and Infrastructure Security Agency (CISA) has stated that some attackers have managed to circumvent Ivanti’s protective measures. The agency warned that adversaries continue to exploit vulnerabilities in Ivanti Connect Secure and Policy Secure gateways to steal credentials or deploy web shells, enabling further compromise of corporate networks.

The new zero-day vulnerabilities, tracked as CVE-2024-21888 (CVSS: 8.8) and CVE-2024-21893 (CVSS: 8.2), affect all supported versions of ICS, IPS, and ZTA gateways. The former allows an attacker to elevate their privileges to an administrative level, while the latter is a server-side request forgery (SSRF) vulnerability.

Despite their recent discovery, patches for these new zero-day vulnerabilities are already available for download. Ivanti strongly urges its clients to promptly apply all the latest patches to safeguard their systems.