This alert is relevant to Australians who are running or administering instances of Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS). These vulnerabilities impact all supported versions (9.x and 22.x). This alert is intended to be understood by technical users.
Customers are encouraged to apply any available mitigations and patches as soon as possible.
Background / What has happened?
- Ivanti has released security advisories and mitigations for two critical vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure gateways.
- CVE-2023-46805 is an authentication bypass vulnerability in the web component of ICS (9.x, 22.x) and IPS and allows a remote attacker to access restricted resources by bypassing control checks.
- CVE-2024-21887 is a command injection vulnerability in web components of ICS (9.x, 22.x) and IPS and allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
- Ivanti is aware of active exploitation of these vulnerabilities.
Affected versions / applications:
- CVE-2023-46805: This vulnerability impacts all supported versions of ICS (9.x, 22.x) and IPS.
- CVE-2024-21887: This vulnerability impacts all supported versions of ICS (9.x, 22.x) and IPS.
Mitigation / How do I stay secure?
Organisations that use Ivanti Connect Secure and/or Ivanti Policy Secure should follow the mitigation advice provided in the Ivanti Security Advisory below:
Assistance / Where can I go for help?
Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).