Skip to content

2024-033: Multiple Vulnerabilities in Ivanti Connect Secure

Table of Contents

On April 2, 2024, Ivanti has addressed critical vulnerabilities in its Connect Secure and Policy Secure products, notably CVE-2024-21894, allowing unauthenticated attackers to perform remote code execution (RCE) and denial of service (DoS) attacks.


```htmlTechnical Vulnerabilities in Ivanti Connect Secure and Policy Secure Products

Technical Vulnerabilities in Ivanti Connect Secure and Policy Secure Products

History

04/04/2024 - v1.0 - Initial publication

Summary

On April 2, 2024, Ivanti has addressed critical vulnerabilities in its Connect Secure and Policy Secure products, notably CVE-2024-21894, allowing unauthenticated attackers to perform remote code execution (RCE) and denial of service (DoS) attacks [1].

Technical Details

The vulnerability tracked as CVE-2024-21894 is a severe flaw involving a heap overflow in the IPSec component, enabling RCE and DoS without user interaction. Ivanti also fixed additional vulnerabilities [2] potentially leading to DoS attacks [1].

Affected Products

Ivanti Connect Secure versions prior 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4 and 9.1R18.5. Ivanti Policy Secure versions prior 22.4R1.2, 22.5R1.3, 22.6R1.2, 9.1R16.4, 9.1R17.4 and 9.1R18.5.

Recommendations

CERT-EU recommends applying a patch as soon as possible [3].

References

[1] https://www.bleepingcomputer.com/news/security/ivanti-fixes-vpn-gateway-vulnerability-allowing-rce-dos-attacks/
[2] https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
[3] https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

```


```htmlMITRE ATT&CK Matrix - Ivanti Advisory

MITRE ATT&CK Matrix - Ivanti Advisory

Date of Advisory Publication: April 4, 2024

Summary of the Vulnerability CVE-2024-21894

  • Type: Heap Overflow
  • Affected Components: IPSec component of Ivanti Connect Secure and Policy Secure products
  • Impact: Remote Code Execution (RCE) and Denial of Service (DoS)

Enterprise Layer

Tactic Technique Sub-techniques Mitigation Potential Attacker Groups
Initial Access Exploit Public-Facing Application T1190 Apply Patch (Recommendation [3]) Unattributed
Execution Command and Scripting Interpreter T1059 Behavior Prevention on Endpoint Unattributed
Impact Network Denial of Service T1498
T1498.001
T1498.002
T1498.003
Network Segmentation, Deny by Default Unattributed

Mobile Layer

Tactic Technique Mitigation Potential Attacker Groups
Initial Access Exploit via Charging Station / PC Apply Patch (Recommendation [3]) Unattributed
Network Effects Network Denial of Service Mobile Threat Defense Solution Unattributed

ICS Layer

Tactic Technique Mitigation Potential Attacker Groups
Initial Access Exploit Public-Facing Application Patch Management Unattributed
Impair Process Control Denial of Service Application Isolation/Segmentation Unattributed

```


This post was generated entirely by an AI language model. Source: CERT EU

Latest

Szele Tamás: Az MI ellenzéke

Szele Tamás: Az MI ellenzéke

a XIX. században a gőzgépről hitték, hogy mindenre jó, még holdutazásra is alkalmasnak gondolták, aztán mindenki rájött, hol vannak a technológia határai. Az MI is eléri majd a képességei határát – vagy a mi képességeinkét

Members Public