Ivanti Patches Critical Flaws: Secure Your Gateways Before Hackers Do!

Ivanti plugs security holes faster than a carnival game whack-a-mole! Patch up, people – CVE-2024-21894 won’t exploit itself. #IvantiPatchDay

Hot Take:

Well, folks, it seems like our dear Ivanti has been handing out vulnerabilities like they’re going out of style. Good news is, they’re patching up faster than a tailor on prom night. But let’s be real, with attackers circling like sharks around a pool floatie, it’s a race against time before someone’s data does a belly flop into the wrong hands. Let’s dive into the patch-palooza!

Key Points:

  • A heap of trouble: One high-severity flaw (CVE-2024-21894) lets attackers remotely execute code or deny service without breaking a sweat.
  • Hide and Seek: Ivanti’s playing coy about the “certain conditions” that make you vulnerable, leaving us all to wonder if we’re the unlucky ones.
  • Patch Parade: Not just one, but three extra flaws are getting the band-aid treatment, all ripe for the unauthenticated picking.
  • Counting Sheep: Shodan and Shadowserver’s counts of exposed Ivanti gateways are giving IT pros nightmares.
  • History Repeating: This isn’t Ivanti’s first vulnerability rodeo, with past security slip-ups leading to government and financial heartache.

CVE ID: CVE-2024-21894
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 04/04/2024
CVE description: A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code.

CVE ID: CVE-2024-22024
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 02/13/2024
CVE description: An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.

CVE ID: CVE-2024-22023
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 04/04/2024
CVE description: An XML entity expansion (XEE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in order to temporarily cause resource exhaustion, thereby resulting in a limited-time DoS.

CVE ID: CVE-2024-22053
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 04/04/2024
CVE description: A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack, or in certain conditions to read contents from memory.

CVE ID: CVE-2024-22052
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 04/04/2024
CVE description: A null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack.

CVE ID: CVE-2024-21893
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/31/2024
CVE description: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

CVE ID: CVE-2024-21887
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/12/2024
CVE description: A command injection vulnerability in the web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE ID: CVE-2023-46805
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/12/2024
CVE description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE ID: CVE-2021-22893
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 04/23/2021
CVE description: Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Need to know more?

Patching Up the Leaky Boat

Psst, ever heard of Ivanti? They're the IT bouncers keeping the riffraff out of your network party. But it turns out, their list wasn't quite up to snuff. Enter a heap overflow weakness that's like an all-access pass for the code execution club, and denial of service is the opening act. But fear not, Ivanti's dishing out patches like Halloween candy, so it's time for a security sugar rush.

It's a Secret, But You're Probably Fine... Maybe

The best kind of security flaw is the mysterious kind, right? Ivanti's not spilling the beans on what makes you vulnerable, which is sort of like saying, "There's a monster under your bed, but only if you're wearing green pajamas." Helpful? Not so much. But hey, they say no one's been exploited yet, so sleep tight.

The Unwanted Guests

And because bad things come in threes, Ivanti's rolled out fixes for a trio of uninvited flaws that could let attackers crash the party without even saying "please." We're talking null pointer shenanigans, another heap overflow, and an XML entity expansion that's about as welcome as double dipping in the salsa.
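The XXE and XEE entries above (CVE-2024-22024 and CVE-2024-22023) both come down to a SAML endpoint accepting XML it should have refused. As an added illustration, not Ivanti's code and not taken from the advisory, here is a Python check that parses an untrusted SAML-style message with the standard library's expat parser and aborts on any DOCTYPE, entity declaration or external entity reference, so an entity-expansion or external-entity document is rejected before anything is expanded; the size cap and all sample documents are constructed for the example.

```python
import xml.parsers.expat

MAX_SAML_BYTES = 64 * 1024  # assumed cap for one SAML message; tune per deployment


class UnsafeXML(Exception):
    """Raised when the document uses DTD features we refuse to process."""


def parse_saml_safely(data: bytes, max_bytes: int = MAX_SAML_BYTES) -> list:
    """Parse untrusted XML and return the element names seen, in order.

    Any DOCTYPE, entity declaration or external entity reference stops the
    parser before expansion, which neutralises both XXE and recursive
    internal-entity expansion (XEE).
    """
    if len(data) > max_bytes:
        raise UnsafeXML(f"document of {len(data)} bytes exceeds cap {max_bytes}")
    parser = xml.parsers.expat.ParserCreate()
    seen = []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        # No SAML message needs a DTD, and the DTD is where entities get declared.
        raise UnsafeXML(f"DOCTYPE '{name}' not allowed")

    def reject_entity_decl(*_args):
        raise UnsafeXML("entity declaration not allowed")

    def reject_external_entity(*_args):
        raise UnsafeXML("external entity reference not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_entity
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)  # handler exceptions propagate out of Parse()
    return seen


# Constructed samples: one harmless assertion-shaped message, two abusive ones.
BENIGN = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
          b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>'
          b'</samlp:Response>')
ENTITY_EXPANSION = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "aaaa">'
                    b'<!ENTITY b "&a;&a;&a;&a;">]><r>&b;</r>')
EXTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///placeholder">]><r>&x;</r>'


def is_safe(data: bytes) -> bool:
    """True if the document parses under the rules above, False otherwise."""
    try:
        parse_saml_safely(data)
        return True
    except (UnsafeXML, xml.parsers.expat.ExpatError):
        return False
```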

Peekaboo, I See You

Shodan and Shadowserver are basically the neighborhood watch for the internet. And guess what? They're seeing tens of thousands of Ivanti's Connect Secure VPN gateways just hanging out there. It's like leaving your front door open with a "Come on in!" sign. With nation-state actors lurking, it's time to close the door and maybe add a few locks.

Deja Vu All Over Again

If you're feeling a sense of déjà vu, it's because Ivanti's been down this vulnerability rabbit hole before. We've seen Chinese threat groups doing digital somersaults through Ivanti's zero-days, and let's not forget the CISA's "patch or else" love letter to federal agencies. It's like a cybersecurity soap opera, but with more patches and fewer evil twins. Remember folks, in the world of cybersecurity, the only guarantee is that there's never a dull moment. So patch up, stay alert, and maybe don't wear green pajamas to bed, just in case.
Tags: CISA directive, denial of service, Ivanti patches, Remote Code Execution, VPN gateways, Vulnerability Disclosure, Zero-Day Attacks