Ivanti’s Triple Threat: New Vulnerability Strikes After Two Major Patches

Ivanti’s security woes multiply with a fresh flaw, CVE-2024-21893, outshining past vulnerabilities in hacker popularity. Get patched or risk a comedy of errors!

Hot Take:

Look out, Ivanti’s playing whack-a-mole with security flaws and the moles are winning. Patch one, two more pop up! It’s like a never-ending game of cybersecurity Jenga, where every block pulled is a new vulnerability and the tower is looking wobblier by the minute. Let’s dive into the latest digital drama where the bad guys are playing chess, and Ivanti’s still figuring out checkers.

Key Points:

  • Ivanti’s Connect Secure and Policy Secure VPN products are playing host to a new uninvited guest, CVE-2024-21893, a server-side request forgery fiesta.
  • The company patched up the vulnerability party in late January, but hackers already RSVP’d and started the abuse shindig.
  • CVE-2024-21893 is the third wheel following CVE-2023-46805 and CVE-2024-21887, and this one’s spinning out of control faster than a fidget spinner on a jet engine.
  • The US Government’s Cybersecurity and Infrastructure Security Agency is basically telling agencies to ghost their Ivanti VPNs until they’re patched up and ready to mingle safely again.
  • While there’s a PoC out, it’s not the match that lit the exploitation fire – hackers were already toasting marshmallows by the time it dropped.

CVE ID: CVE-2023-46805
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/12/2024
CVE description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE ID: CVE-2024-21887
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/12/2024
CVE description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE ID: CVE-2024-21893
CVE state: PUBLISHED
CVE assigner short name: hackerone
CVE date updated: 01/31/2024
CVE description: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Need to know more?

A Rocky Road Paved with Patches

Ivanti’s year is off to a start so rocky, you could probably climb it. Not one, not two, but three vulnerabilities have been the life of the hacker party, with the latest being a server-side request forgery in the SAML component that needs no authentication at all, which is about as welcome as a screen door on a submarine. Ivanti tried to play the hero with a patch, but the villains were already throwing their own exploit party by the time it shipped.
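For readers who want the vulnerability class made concrete: the block below is an added, generic illustration in Python of what a server-side request forgery is and how a fetcher is hardened against it. It is not Ivanti's SAML code and not a reproduction of CVE-2024-21893; the hostnames, addresses, backends and the fake DNS table are all constructed so that nothing here opens a socket.

```python
# Added illustration of the SSRF vulnerability class. Not Ivanti's code and
# not CVE-2024-21893 itself: the "network" below is a constructed DNS table
# plus constructed backends, so no real requests are made.
import ipaddress
from urllib.parse import urlparse

# Constructed DNS: name -> address (addresses are invented). Only the first
# entry is a host the application should ever talk to.
FAKE_DNS = {
    "idp.example.com": "20.30.40.50",           # legitimate external IdP (treated as public)
    "attacker.example.net": "45.67.89.10",      # attacker-controlled external host
    "localhost": "127.0.0.1",
    "inside.attacker.example.net": "10.0.0.5",  # attacker's name that resolves inside the perimeter
}

# Constructed backends: what a GET to each address "returns".
FAKE_SERVICES = {
    "20.30.40.50": "<EntityDescriptor entityID='https://idp.example.com'/>",
    "45.67.89.10": "attacker page",
    "127.0.0.1": "ADMIN-ONLY: appliance configuration",  # should require a logged-in admin
    "10.0.0.5": "INTERNAL: backend service",             # never meant to be reachable from outside
}

ALLOWED_HOSTS = {"idp.example.com"}


class RequestBlocked(Exception):
    """Raised by the hardened fetcher when it refuses a URL."""


def resolve(hostname, dns=FAKE_DNS):
    """Stand-in for DNS resolution over the constructed table."""
    return dns[hostname]


def fake_fetch(ip, path):
    """Stand-in for an HTTP GET to ip/path over the constructed backends."""
    return FAKE_SERVICES[str(ip)]


def vulnerable_fetch(url, dns=FAKE_DNS):
    """VULNERABLE: the server fetches whatever URL the (unauthenticated) request
    names. The request is issued *from* the appliance, with the appliance's
    network position, so loopback and internal hosts are suddenly in reach."""
    u = urlparse(url)
    return fake_fetch(resolve(u.hostname, dns), u.path or "/")


def hardened_fetch(url, dns=FAKE_DNS):
    """Hardened: fixed scheme, allowlisted hostname, and a resolve-then-check on
    the address actually used, so an allowlisted name that is poisoned or
    rebound to an internal address is still refused."""
    u = urlparse(url)
    if u.scheme != "https":
        raise RequestBlocked(f"scheme {u.scheme!r} not allowed")
    # urlparse('https://idp.example.com@localhost/').hostname == 'localhost', so
    # checking .hostname (not the raw netloc string) defeats the '@' trick.
    if u.hostname not in ALLOWED_HOSTS:
        raise RequestBlocked(f"host {u.hostname!r} not allowlisted")
    addr = ipaddress.ip_address(resolve(u.hostname, dns))
    if not addr.is_global:  # loopback, RFC 1918, link-local, multicast, reserved
        raise RequestBlocked(f"{u.hostname!r} resolves to non-public address {addr}")
    return fake_fetch(addr, u.path or "/")


def blocked_reason(url, dns=FAKE_DNS):
    """None if the hardened fetcher allows url, otherwise why it refused."""
    try:
        hardened_fetch(url, dns)
    except RequestBlocked as e:
        return str(e)
    return None


if __name__ == "__main__":
    probes = [
        "https://idp.example.com/metadata",          # legitimate
        "http://localhost/admin",                    # loopback: admin-only data
        "https://inside.attacker.example.net/",     # attacker name -> internal address
        "https://idp.example.com@localhost/admin",  # '@' trick
    ]
    for p in probes:
        print(p)
        print("  vulnerable ->", repr(vulnerable_fetch(p)))
        print("  hardened   ->", blocked_reason(p) or repr(hardened_fetch(p)))
    poisoned = {**FAKE_DNS, "idp.example.com": "10.0.0.5"}
    print("allowlisted name poisoned to internal address ->",
          blocked_reason("https://idp.example.com/metadata", poisoned))
```

The point the vulnerable path makes is the one in the CVE description: the attacker never logs in, yet reads data that only an admin on the appliance should see. The hardened path layers three checks because each one alone has a known bypass: scheme pinning does nothing about hostnames, an allowlist does nothing about a name that resolves somewhere unexpected, and an address check on its own can be dodged by a parser that reads the host differently from the resolver.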

The Cybersecurity Conundrum Continues

Meanwhile, over at Shadowserver, they're watching exploitation attempts against CVE-2024-21893 mushroom into something that would make Super Mario proud. It's already outpacing its older siblings in attacker popularity, which is never the popularity contest you want a vulnerability to win. Government agencies are getting the digital equivalent of "Stay indoors!" advisories from CISA, which is telling them to disconnect their Ivanti VPNs and keep them offline until they're patched.

Who's Behind the Mask?

The first two flaws read like a bad spy novel, with Chinese state-sponsored threat actors lurking in the shadows. For this latest plot twist, the villain's identity is still a mystery, leaving us all on the edge of our seats. But let's be real, it's probably the same shady characters. Plot armor only lasts so long: organizations that shielded themselves against the first two flaws are finding out the hard way that they're not invincible, because this one needs no login at all to get in.

Don't Call It a Comeback

Rapid7 dropped a PoC like a hot mixtape at a party that was already lit. Attackers were seen putting their exploitation moves on the dance floor hours before the PoC even had its shoes on, so the public exploit code didn't start this one; it just lowered the bar for everyone who arrived late.

Signing Off with a Side of Sarcasm

And let's not forget to sign up for that TechRadar Pro newsletter, because nothing complements a cybersecurity crisis like top news and opinion pieces delivered with your morning coffee. It's like getting daily reminders that the internet is a wild west, and you're just trying to avoid a duel at high noon.

Curtain Call for the Cybersecurity Circus

Last but not least, a tip of the hat to Sead, the tech and cybersecurity wordsmith from Sarajevo, who's seen more IT drama than a soap opera director. With a pen mightier than a firewall, he’s been documenting the digital ups and downs longer than some of us have been using Wi-Fi.

Tags: Chinese state-sponsored hackers, CVE-2024-21893, Ivanti VPN vulnerabilities, Network Security, patch management, Rapid7 PoC, Server-side Request Forgery