
Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities

Threat Score: 60 | 2 articles | 77.0% similarity | 2 days ago

Activity Timeline: 2 articles, both dated Jul 24

Key Insights

1. Ivanti has identified multiple critical vulnerabilities in its Cloud Services Application (CSA) and Connect Secure Gateways, including CVE-2024-11639 (CVSS: 10.0) and CVE-2023-46805 (CVSS: 9.1), allowing for privilege escalation and remote code execution.
2. The vulnerabilities in Ivanti CSA and Connect Secure can be exploited by unauthenticated attackers to gain administrative access and execute arbitrary commands, posing severe risks to affected systems.
3. Patches are available for Ivanti CSA (version 5.0.3 or later) and advisories have been issued for Connect Secure and Policy Secure Gateways; immediate updates are recommended.
4. Both vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.

Threat Overview

Ivanti has disclosed multiple critical vulnerabilities affecting its Cloud Services Application (CSA) and Connect Secure Gateways, including CVE-2024-11639 and CVE-2023-46805, which allow attackers to gain administrative access and execute commands without authentication [1][2]. These vulnerabilities pose significant risks to organizations using affected systems, potentially leading to severe data breaches and operational disruptions. Organizations must urgently apply patches (CSA version 5.0.3 or later) and review their security configurations for both CSA and Connect Secure Gateways [1][2]. Additionally, monitoring for suspicious activity is crucial as these vulnerabilities are actively exploited [2].

Tactics, Techniques & Procedures (TTPs)

T1190 Exploit Public-Facing Application: Exploitation of Ivanti CSA and Connect Secure vulnerabilities via crafted web requests (Articles 1, 2)
T1566.001 Spearphishing Attachment: Potential phishing attempts to deliver exploits targeting Ivanti products (Article 2)
T1059.001 Command and Scripting Interpreter: Command injection techniques used to execute arbitrary commands (Articles 1, 2)
T1068 Exploitation of Elevation of Privilege Vulnerabilities: Privilege escalation through authentication bypass in Ivanti CSA (Article 1)

Timeline of Events

2024-01-10: Ivanti publishes advisory on vulnerabilities in Connect Secure and Policy Secure Gateways [2]
2024-01-10: CISA adds CVE-2023-46805 and CVE-2024-21887 to the KEV catalog [2]
2024-07-24: Ivanti releases patches for Cloud Services Application vulnerabilities [1]
Ongoing: Active exploitation of identified vulnerabilities reported [2]

Powered by ThreatCluster AI. Generated 1 day ago. AI analysis may contain inaccuracies.

Related Articles

2 articles

1. Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities
FortiGuard Threat Signal, 2 days ago (score 53, 94.0% match)

Threat Signal Report: Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities. Description: What is the Vulnerability? Ivanti recently published an advisory on two vulnerabilities on Jan 10, 2024 affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and a command injection vulnerability, respectively, in the web component of the affected application. According to the vendor advisory,

2. Ivanti Cloud Services Application (CSA) Vulnerabilities
FortiGuard Threat Signal, 2 days ago (score 52, 94.0% match)

Threat Signal Report: Ivanti Cloud Services Application (CSA) Vulnerabilities. Description: What are the Vulnerabilities? Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) that could lead to privilege escalation and code execution. More details below: CVE-2024-11639, CVSS: 10.0 (Maximum Severity), authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain admini


Cluster Intelligence

Key entities and indicators for this cluster

VULNERABILITIES: Command Injection, Authentication Bypass, Zero-Day, Remote Code Execution, SQL Injection
AGENCIES: CISA
ATTACK TYPES: Remote Code Execution, Privilege Escalation, SQL Injection
PLATFORMS: ICS
CVES: CVE-2024-11773, CVE-2024-11639, CVE-2023-46805, CVE-2024-21887, CVE-2024-11772
APT GROUPS: APT41
CLUSTER INFORMATION: Cluster #1336, created 2 days ago, semantic algorithm