Ivanti researchers this week flagged two zero-day vulnerabilities in the company's products, CVE-2023-46805 and CVE-2024-21887, which are already being actively exploited by threat actors.
The vulnerabilities were found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways, and they affect all supported versions (version 9.x and 22.x). Volexity assisted in identifying and reporting the issues in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways.
CVE-2023-46805 is an authentication bypass vulnerability that allows threat actors to access restricted resources remotely and has a CVSS score of 8.2. CVE-2024-21887, with a CVSS score of 9.1, is a command injection vulnerability that allows an authenticated administrator to send specially crafted requests and execute arbitrary commands.
Ivanti researchers reported that a mitigation is available and that patches will be released in waves on a staggered schedule: a patch for the authentication bypass vulnerability will be available Jan. 22, and a patch for the command injection vulnerability is slated for Feb. 19. The mitigation is available from the vendor while the patches are being developed, but Ivanti researchers stress that it is essential for customers to take immediate action.
For support or help with questions, Ivanti is directing customers to its Success Portal to request a call or log a case. Instructions on how to apply the mitigation are available on the website.