Security Updates Released for Ivanti Products Addressing Critical Vulnerabilities
Ivanti has issued security updates for several severe vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products that could allow privilege escalation and remote code execution. The flaws affect versions released before the updates that patch them.
Among the vulnerabilities, CVE-2024-11639 stands out with a CVSS score of 10.0, indicating serious risk. This authentication bypass vulnerability in the administrative web console of Ivanti CSA allows an unauthenticated remote attacker to gain administrative access. Furthermore, the command injection vulnerability designated CVE-2024-11772, rated at 9.1, enables a remote authenticated attacker with administrative privileges to execute arbitrary code within the same administrative console. Additionally, CVE-2024-11773, another vulnerability with a CVSS score of 9.1, is an SQL injection flaw that permits an authenticated remote attacker to execute arbitrary SQL commands.
Connect Secure is affected as well. CVE-2024-11633, with a CVSS score of 9.1, is an argument injection vulnerability that permits remote authenticated attackers with admin privileges to execute code. Similarly, CVE-2024-11634, also rated at 9.1, is a command injection vulnerability allowing remote code execution under the same circumstances. Lastly, CVE-2024-8540, rated at 8.8, is a permissions issue in Ivanti Sentry that local authenticated attackers can exploit to modify sensitive application components.
The versions that remedy these vulnerabilities are Ivanti Cloud Services Application 5.0.3, Ivanti Connect Secure 22.7R2.4, Ivanti Policy Secure 22.7R1.2, and Ivanti Sentry versions 9.20.2, 10.0.2, and 10.1.0. Although Ivanti says there is no confirmed exploitation of these vulnerabilities, past vulnerabilities have been exploited by state-sponsored attackers, so users should apply these updates promptly.
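To turn the fixed-version list above into a patch-status check over an asset inventory, the following added example (not Ivanti tooling and not part of the original article) parses Ivanti-style version strings such as `22.7R2.4` and compares them with the releases named in the article. The product keys, host names, sample versions, and the rule that each Sentry fix applies to its own major.minor release line are assumptions of this example.

```python
import re

# Fixed releases as listed in the article. Treating each Sentry fix as
# belonging to its own major.minor release line is an assumption.
FIXED = {
    "csa": ["5.0.3"],
    "connect-secure": ["22.7R2.4"],
    "policy-secure": ["22.7R1.2"],
    "sentry": ["9.20.2", "10.0.2", "10.1.0"],
}

SAMPLE_INVENTORY = [  # constructed hosts and versions, for illustration only
    ("csa-gw1", "csa", "5.0.2"),
    ("vpn-edge1", "connect-secure", "22.7R2.4"),
    ("nac-1", "policy-secure", "22.7R1.1"),
    ("sentry-a", "sentry", "10.0.2"),
    ("sentry-b", "sentry", "9.20.1"),
]

def parse(version):
    """Split on '.' and 'R': '22.7R2.4' -> (22, 7, 2, 4)."""
    parts = re.split(r"[.Rr]", version.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)

def status(product, installed):
    """Return 'patched', 'vulnerable' or 'check-advisory'."""
    have = parse(installed)
    fixes = sorted(parse(v) for v in FIXED[product])
    for fix in fixes:
        if have[:2] == fix[:2]:  # same release line as a listed fix
            return "patched" if have >= fix else "vulnerable"
    if have > fixes[-1]:
        return "patched"         # newer than every listed fix
    if have < fixes[0]:
        return "vulnerable"      # predates every listed fix
    return "check-advisory"      # release line with no listed fix

def audit(inventory):
    """Map each host to its patch status."""
    return {host: status(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

A `check-advisory` result means the installed release line falls between the listed fixes, so the vendor advisory should be consulted for that line rather than inferring a status.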
The potential attack paths map to several techniques in the MITRE ATT&CK framework. Exploitation of these flaws could provide initial access, where threat actors gain unauthorized entry, followed by persistence through backdoors. The vulnerabilities also offer opportunities for privilege escalation and execution, allowing attackers to maneuver within the system undetected.
As cybersecurity threats evolve, business owners must remain vigilant and proactive regarding security updates. The Ivanti vulnerabilities underscore the critical importance of maintaining up-to-date software to protect against potential exploitation.