Patch or Perish: Ivanti’s Critical Vulnerability Alert Demands Immediate Action!

Crack open the tech medicine cabinet, folks! Ivanti’s sounding the alarm on a pesky Standalone Sentry bug that’s got NATO’s cyber docs scribbling prescriptions for immediate patches. Don’t dawdle; it’s a code-red for network health! 🚨💻 #IvantiPatchUp

Hot Take:

Ladies and gentlemen, fasten your cyber seatbelts because Ivanti is serving up a fresh plate of critical security patches with a side of urgency. If you’re in the mood for some high-stakes digital whack-a-mole, this is your cue to start swinging that patching mallet!

Key Points:

  • Critical vulnerability CVE-2023-41724 is like an unwanted party-crasher in Ivanti’s Standalone Sentry, allowing uninvited guests to execute commands without so much as a by-your-leave.
  • Standalone Sentry guards the digital fortress as a KKDCP server or an ActiveSync gatekeeper, so this vulnerability is basically leaving the drawbridge down.
  • Another vulnerability, CVE-2023-46808, is playing hide-and-seek in Ivanti’s Neurons for ITSM, granting low-level account holders an all-access pass to command execution.
  • While cloud deployments of Neurons for ITSM have been given a security facelift, on-premises deployments are still waiting in the wings, mascara running.
  • Despite these software sob stories, there’s no evidence that cyber villains are exploiting these vulnerabilities… yet. It’s like knowing the monster is under the bed but it hasn’t eaten anyone… yet.
CVE Details:

  • CVE-2024-21887 (published; assigner: hackerone; updated 01/12/2024)
    A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

  • CVE-2023-46808 (published; assigner: hackerone; updated 03/31/2024)
    A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.

  • CVE-2023-46805 (published; assigner: hackerone; updated 01/12/2024)
    An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

  • CVE-2024-22024 (published; assigner: hackerone; updated 02/13/2024)
    An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.

  • CVE-2021-22893 (published; assigner: hackerone; updated 04/23/2021)
    Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

  • CVE-2023-41724 (published; assigner: hackerone; updated 03/31/2024)
    A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

  • CVE-2024-21893 (published; assigner: hackerone; updated 01/31/2024)
    A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
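The practical question for a defender reading these records is "which of my boxes are still below the fixed version?" The script below is an added example, not Ivanti's tooling or anything from the original article: it triages a constructed asset inventory against the two version thresholds the CVE records state (Sentry prior to 9.19.0 for CVE-2023-41724, ITSM before 2023.4 for CVE-2023-46808), and, following the article's note that cloud-hosted Neurons for ITSM has already been patched by the vendor, flags only on-premises ITSM instances. The inventory rows, host names and the `deployment` field are assumptions made for the example.

```python
"""Version-threshold triage for the Ivanti CVEs listed above.

Added example (not Ivanti's code). Inventory rows are constructed sample data.
"""

# Fixed-version thresholds taken from the CVE descriptions on this page.
# Product names and the "on_prem_only" rule are assumptions for the example:
# the article states cloud Neurons for ITSM deployments are already patched.
FIXED_IN = {
    "Ivanti Standalone Sentry": {"cve": "CVE-2023-41724", "fixed": "9.19.0", "on_prem_only": False},
    "Ivanti Neurons for ITSM": {"cve": "CVE-2023-46808", "fixed": "2023.4", "on_prem_only": True},
}

# Constructed inventory: (hostname, product, installed version, deployment type)
SAMPLE_INVENTORY = [
    ("sentry-01", "Ivanti Standalone Sentry", "9.18.2", "on-prem"),
    ("sentry-02", "Ivanti Standalone Sentry", "9.19.0", "on-prem"),
    ("itsm-01", "Ivanti Neurons for ITSM", "2023.3", "on-prem"),
    ("itsm-cloud", "Ivanti Neurons for ITSM", "2023.3", "cloud"),
    ("itsm-02", "Ivanti Neurons for ITSM", "2023.4", "on-prem"),
    ("fileserver-01", "Some Other Product", "1.0", "on-prem"),
]


def parse_version(text):
    """Turn '9.19.0' into (9, 19, 0). Rejects anything non-numeric so a
    typo in the inventory fails loudly instead of silently passing triage."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("unparsable version string: %r" % text)
    return tuple(int(p) for p in parts)


def version_lt(installed, fixed):
    """True if installed < fixed, padding shorter tuples with zeros so that
    '2023.4' and '2023.4.0' compare equal and '9.18' sorts below '9.19.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory):
    """Return one finding per host that is below the fixed version for a
    tracked product (and, where the rule applies, is on-premises)."""
    findings = []
    for host, product, version, deployment in inventory:
        rule = FIXED_IN.get(product)
        if rule is None:
            continue  # product not covered by the CVEs on this page
        if rule["on_prem_only"] and deployment != "on-prem":
            continue  # vendor-hosted instance already patched per the article
        if version_lt(version, rule["fixed"]):
            findings.append({
                "host": host,
                "cve": rule["cve"],
                "installed": version,
                "fixed_in": rule["fixed"],
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print("%-12s %-15s installed %-8s fixed in %s" % (f["host"], f["cve"], f["installed"], f["fixed_in"]))
```

Running it against the sample inventory reports `sentry-01` for CVE-2023-41724 and `itsm-01` for CVE-2023-46808; the cloud ITSM instance is skipped and the hosts already at the fixed version produce no finding. Feeding it a real inventory only requires replacing `SAMPLE_INVENTORY` with rows in the same four-field shape.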

Need to know more?

Software on the Brink

Imagine your Kerberos server or ActiveSync gatekeeper is a bouncer at the club of your network. Now imagine that bouncer is suddenly hypnotized by a zero-day vulnerability, letting all sorts of riff-raff waltz in without so much as a second glance. That's CVE-2023-41724 for you. Ivanti's Standalone Sentry needs an urgent patch before the bad actors start a conga line.

The Cloud Gets a Silver Lining

CVE-2023-46808, the sneaky little gremlin in Ivanti's Neurons for ITSM, had cloud users sighing in relief as the patch parachuted in to save the day. On-premises users, on the other hand, are like homeowners watching storm clouds gather while their umbrella is still in the shop.

Not the First Rodeo

Ivanti's vulnerabilities have been the belle of the cyber attack ball since the dawn of the year, with multiple zero-days showing up unannounced and overstaying their welcome. Despite the company's best efforts to patch things up, over 13,000 endpoints were still doing the vulnerability tango last month. Think of it as a dance marathon where the prize is your data's safety.

Government Gets in on the Action

When the feds get involved, you know things are serious. The CISA's first emergency directive of the year was basically a digital DEFCON 1 for Ivanti's Connect Secure and Policy Secure systems. And when "immediate" was upgraded to "disconnect and rebuild," you could practically hear the sound of IT managers everywhere frantically flipping through their disaster recovery plans.

Past Haunts

If you thought this was a new trend, buckle up for a trip down memory lane. Three years ago, suspected Chinese cyber groups treated another Connect Secure zero-day like an all-you-can-eat buffet, chomping through government, defense, and financial orgs like there was no tomorrow. It seems that some vulnerabilities are like bad pennies—they just keep turning up.

In conclusion, Ivanti's security woes are like a high-wire act without a net; it's thrilling to watch, but you really don't want to be the one up there. So if you're an Ivanti user, get patching, and maybe send a fruit basket to your IT security team—they've earned it.

Tags: ActiveSync, CVE-2021-22893, CVE-2023-41724, Ivanti vulnerabilities, KKDCP, Neurons for ITSM, Zero-day exploitation