Security News > 2024 > February > Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
2024-02-15 15:30

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.

Starting with CVE-2024-22024, the issue is an XXE vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateways that allowsunauthorized access to restricted resources.

Threat monitoring service Shadowserver reports that its internet scans show more than 3,900 Ivanti endpoints vulnerable to CVE-2024-22024.

The organization saw roughly 1,000 Ivanti endpoints that are still vulnerable to CVE-2024-21887, a flaw that lets authenticated admins execute arbitrary commands on vulnerable appliances by sending specially crafted requests.

The flaws affecting Ivanti products were disclosed over a short period, giving administrator little time to prepare for applying the patches.

Ivanti Connect Secure zero-days exploited to deploy custom malware.


News URL

https://www.bleepingcomputer.com/news/security/over-13-000-ivanti-gateways-vulnerable-to-actively-exploited-bugs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-22024 XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
network
low complexity
ivanti CWE-611
8.3
2024-01-12 CVE-2024-21887 Command Injection vulnerability in Ivanti Connect Secure and Policy Secure
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
network
low complexity
ivanti CWE-77
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 0 51 157 75 283