CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.4 High (Confidence: Low)

CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.964 High (Percentile: 99.5%)
Volexity researchers have discovered attackers chaining two distinct zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, to achieve unauthenticated remote code execution (RCE). The Cybersecurity and Infrastructure Security Agency (CISA) has added both CVEs to its Known Exploited Vulnerabilities (KEV) catalog, confirming that they are actively exploited in the wild and that awareness and action are urgent.
The critical factor is the combination of the two vulnerabilities. When CVE-2024-21887 is used in tandem with CVE-2023-46805, the authentication requirement is bypassed, so a threat actor can craft malicious requests and execute arbitrary commands on an affected system, which greatly elevates the risk and potential impact of both flaws.
These two severe vulnerabilities in Ivanti Connect and Policy Secure Gateways have already been exploited with serious consequences, because together they make it straightforward for an attacker to execute commands on the appliance. Observed outcomes include extraction of sensitive configuration data, modification of existing files on the system, download of remote files, and establishment of a reverse tunnel from the Ivanti Connect Secure (ICS) VPN appliance, any of which can amplify the severity of an attack.
These vulnerabilities affect all currently supported versions of the products. Mitigations are available for immediate implementation; Ivanti is offering them while a comprehensive patch is still in development.
Ivanti strongly advises all customers to refer to the KB Article for detailed guidance on implementing the necessary mitigations.
Organizations using Ivanti Connect and Policy Secure Gateways must urgently inventory and scan their systems for CVE-2023-46805 and CVE-2024-21887. Because the two vulnerabilities exploited together remove the need for authentication and allow arbitrary command execution on affected systems, mitigating them immediately is essential to avoid the high-impact consequences described above.
Qualys QID Coverage
Qualys has released QIDs for these vulnerabilities, available starting from version VULNSIGS-2.5.959-2 of the vulnsigs.
QID | Title | Release Version |
---|---|---|
731074 | Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Multiple Vulnerabilities | VULNSIGS-2.5.959-2 |
Qualys CSAM Query
Go to CSAM, then Inventory, and under the Software tab search with the following QQL:
software:(name:"PULSE SECURE")
In summary, the two recently discovered zero-day vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways, CVE-2023-46805 and CVE-2024-21887, pose a significant cybersecurity threat. Qualys' product suite helps organizations identify affected assets and track remediation. Organizations are urged to prioritize these vulnerabilities because of their high impact and the ease with which threat actors can exploit them; immediate action is essential to mitigate the risk.