Ivanti Warns of New Security Vulnerabilities Affecting Products
In the ever-evolving landscape of cyber threats, Ivanti has issued a stark warning about a new wave of vulnerabilities affecting its products. The most recent, known as the Ivanti Auth Bypass Flaw, identified as CVE-2024-22024, is a worrying development for users of Ivanti products.
The vulnerability stems from an XML external entity (XXE) weakness in the SAML components of Ivanti’s Connect Secure, Policy Secure, and ZTA gateways. Remote attackers need no user interaction to exploit [this flaw](https://www.ivanti.com/blog/security-update-for-ivanti-connect-secure-and-ivanti-policy-secure-gateways-282024), which could grant them unfettered access to restricted resources on unpatched devices.
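A defender-side check for the XXE class described above, as an added example (not Ivanti's code or its fix): it decodes a SAML parameter and aborts parsing at the first DOCTYPE declaration, since SAML messages are schema-based and have no legitimate need for a DTD. The function names and both sample messages are constructed for illustration.

```python
import base64
import zlib
from xml.parsers import expat

# Constructed sample messages (not captured traffic).
NS = b'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
BENIGN = b'<samlp:Response ' + NS + b' ID="_constructed"/>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE r [<!ENTITY x SYSTEM "http://example.invalid/x">]>'
            b'<samlp:Response ' + NS + b'>&x;</samlp:Response>')


class DtdRejected(ValueError):
    """Raised when a SAML message carries a DOCTYPE declaration."""


def decode_saml(param: str) -> bytes:
    """Decode a SAMLRequest/SAMLResponse parameter value.

    HTTP-POST binding: base64 only.
    HTTP-Redirect binding: raw DEFLATE, then base64.
    """
    raw = base64.b64decode(param, validate=True)
    if raw.lstrip().startswith(b"<"):
        return raw
    return zlib.decompress(raw, -15)  # -15 selects raw DEFLATE (no header)


def check_saml_xml(xml_bytes: bytes) -> str:
    """Parse with expat, aborting on any DOCTYPE; return the root element name."""
    root = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before the internal subset is processed, so no entity
        # declared in the DTD is ever expanded or fetched.
        raise DtdRejected(f"DOCTYPE {name!r} found in SAML message")

    def on_start(name, attrs):
        if not root:
            root.append(name)

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)  # malformed XML raises expat.ExpatError
    return root[0]
```

A guard like this belongs in front of whatever library parses the assertion; it complements patching the appliance and does not replace it.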
Moreover, according to Shadowserver statistics, the exposure is far-reaching, with over 20,000 ICS VPN gateways accessible online, including more than 6,000 in the U.S. alone. To mitigate the threat, Ivanti released patches on January 31st, which act as a crucial defense against CVE-2024-22024 and a slew of associated vulnerabilities, such as CVE-2023-46805 and CVE-2024-21887, that had been exploited as zero-days since the previous December.
Ivanti’s stance is clear. Administrators should not only patch but also factory reset the vulnerable appliances to block potential persistence by attackers through software upgrades. This measure is vital, as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has gone as far as to mandate federal agencies to disconnect at-risk VPN appliances within 48 hours due to the high level of threat actor targeting.
For users beyond federal agencies, the security advisory from [Ivanti](https://www.ivanti.com/blog/topics/security-advisory/rss) remains the cornerstone of guidance, providing clear instructions for remediation and encouraging the use of their External Integrity Checker Tool.
Interestingly, the efforts to bolster security don’t end there. The Shadowserver Dashboard, which provides vital data on vulnerable IoT devices, offers an additional resource for tracking potential threats. This platform, [supported by various partners](https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=pulse+secure&model=pulse+connect+secure+vpn&group_by=geo&style=stacked), serves as a second layer of intelligence for organizations seeking to shore up their cybersecurity.
Capturing the reality of cybersecurity risks requires constant vigilance, and the recent Ivanti vulnerabilities have tested the community’s response. With diligent application of updates, use of recommended tools, and leveraging community intelligence through resources like Shadowserver, organizations can navigate these treacherous digital waters. It is a collective effort, both in terms of defense and the sharing of critical threat information, that will lead to enhanced cyber resilience for all.