Cyber Siege: Ivanti Gateways Under Attack – Patch Now or Risk Total Compromise

In a digital game of cat and mouse, cyber ne’er-do-wells are “exploiting previously identified vulnerabilities” in Ivanti gateways. CISA and pals warn: change those passwords and patch up, or it’s cyber déjà vu! 🐱‍💻🚨 #CybersecurityWhackAMole

Hot Take:

When the cybersecurity world plays “Hide and Seek”, it’s the vulnerabilities that keep winning the hide-and-seek championship. Ivanti Connect Secure and Ivanti Policy Secure are the latest “Hide and Seek” playgrounds for cyber threat actors, hoodwinking the very tools meant to keep them out. I mean, if your Integrity Checker Tool needs an integrity check, you know it’s going to be a long day at the office!

Key Points:

  • Cyber ninjas are exploiting vulnerabilities in Ivanti Secure gateways like they’re cheat codes in a video game.
  • The so-called Integrity Checker Tool is more like an “Integrity, What’s That?” Tool, failing to spot the sneaky shenanigans of cyber baddies.
  • Even a digital factory reset can’t shake off these persistent pests, proving that cyber cockroaches are just as resilient as their real-world counterparts.
  • The authoring organizations are practically begging network defenders to start a cyber manhunt using their detection methods and indicators of compromise.
  • And, as a cherry on top, the safest bet for network defenders is to assume their devices are as compromised as a politician’s promises during election season.

CVE ID: CVE-2024-21893
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/31/2024
CVE description: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

CVE ID: CVE-2024-21887
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/12/2024
CVE description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE ID: CVE-2024-22024
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 02/13/2024
CVE description: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

CVE ID: CVE-2023-46805
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/12/2024
CVE description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE ID: CVE-2024-21888
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/31/2024
CVE description: A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

Need to know more?

Cybersecurity's Most Wanted:

The cyber sheriff and its posse, including CISA and friends from around the globe, have banded together to spotlight the notorious cyber outlaws exploiting Ivanti Secure gateways. These cyber cowboys have discovered the digital equivalent of a “Get Out of Jail Free” card, allowing them to stroll past security checks with a tip of the hat.

The Great Integrity Check Fail:

It seems the Integrity Checker Tool might need to take a long, hard look in the mirror, since it's been hoodwinked by these cyber threat actors. They've managed to deceive Ivanti’s internal and external integrity tests, leaving them about as useful as a chocolate teapot. So much for internal affairs!

Hit the Reset Button... It Does Nothing:

These cyber villains are so deeply entrenched that hitting the reset button does about as much as giving a stern talking-to to a teenager - absolutely nothing. They could be lurking in the digital shadows for an arbitrary amount of time, waiting to pounce like a cat on a laser pointer.

A Call to Digital Arms:

The authoring organizations are rallying the troops, calling on all network defenders to armor up and seek out these cyber threats like knights on a quest. They've provided a treasure map in the form of detection methods and indicators of compromise to help track down these elusive digital dragons.

Paranoia is the New Prudence:

In a twist that would make any spy thriller jealous, the authoring organizations suggest that the safest course of action is to trust no one—or no device, rather. It's like finding out your toaster has been spying on you all along; paranoia might just be the healthiest mindset in cybersecurity these days.

Final Words of Wisdom:

When it comes to digital security, it's clear that even the most secure-looking gateways can have their locks picked by persistent cyber burglars. It’s a wild world out there in the cyber wilderness, and it seems the only way to stay safe is to assume you're always in danger—like living in a digital version of Australia, where everything is out to get you. Stay vigilant, my friends!

Tags: CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, CVE-2024-22024, Ivanti vulnerabilities, MITRE ATT&CK, VPN appliance security, web shell exploitation