CISA Warns of High-Risk Vulnerabilities in Ivanti Platforms

In the constantly evolving realm of cybersecurity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm on various high-risk vulnerabilities. Foremost among them is an authentication bypass flaw within Ivanti’s Endpoint Manager Mobile (EPMM) platform, denoted as CVE-2023-35082. This flaw carries a chilling 9.8 CVSS score and presents an open door for unauthorized actors to potentially harvest users’ personal data and make limited yet dangerous changes to the server.

This critical security gap is not operating in isolation. By harnessing CVE-2023-35082 in tandem with another flaw, CVE-2023-35078, attackers can inject malicious web shell files into the system. Consequently, all versions of Ivanti EPMM, including 11.10, 11.9, and 11.8, along with MobileIron Core 11.7 and older, are at risk. CISA has advised federal agencies to apply fixes by February 8, 2024, as detailed in a [CISA alert](https://www.cisa.gov/news-events/alerts/2024/01/18/cisa-adds-one-known-exploited-vulnerability-catalog) from earlier this year.

However, the spotlight on Ivanti doesn’t dim there. The cybersecurity firm Rapid7 disclosed two additional zero-day flaws in Ivanti Connect Secure (ICS) VPN devices. These vulnerabilities, cataloged under CVE-2023-46805 and CVE-2024-21887, permit threat actors to implant web shells and lay the groundwork for stealthy backdoors. Updates to remedy these vulnerabilities are reportedly on the horizon.

Ivanti has responded with an interim fix to restrict access to vulnerable points. Still, a full patch release is awaited, and device integrity checks are highly recommended for compromised devices. Researchers from Assetnote have emphasized the critical nature of these vulnerabilities, and their ongoing work to unravel the intricacies of the exploited flaws underlines the urgency for action.

CISA’s [Known Exploited Vulnerabilities catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog), a crucial resource for keeping track of such threats, lists these concerns and provides additional information for mitigation. Moreover, Assetnote warns organizations to stay vigilant about these exploitations to protect their networks.

In these challenging cybersecurity times, the necessity for vigilance and swift action has never been greater. Organizations are urged to adhere to security advisories and harness resources like the [Assetnote platform](https://www.assetnote.io/resources/research/high-signal-detection-and-exploitation-of-ivantis-pulse-connect-secure-auth-bypass-rce) for up-to-the-minute guidance. As threats evolve and intensify, the collective effort to seal vulnerabilities becomes an all-hands-on-deck endeavor to safeguard the digital landscape.