Two new zero-day vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure products, identified as CVE-2024-21888 and CVE-2024-21893. Furthermore, it has been reported that one of the vulnerabilities (CVE-2024-21893) has been exploited in the wild by threat actors.
In response, Ivanti has issued a security advisory urging all of its customers to patch their systems. Earlier this month, Ivanti Connect Secure was also reported to have a zero-day vulnerability, which was similarly exploited in the wild by threat actors.
CVE-2024-21888 is a privilege escalation vulnerability in a web component of Ivanti Connect Secure and Ivanti Policy Secure. The flaw enables a threat actor who already has user-level privileges on the vulnerable device to elevate them to those of an administrator. The severity of this vulnerability has been rated as 8.8 (High), but as of yet, there have been no confirmed instances of exploitation.
The second vulnerability, CVE-2024-21893, is a Server-Side Request Forgery flaw that exists in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA. This vulnerability allows a threat actor to access unrestricted resources without authentication. The severity of this vulnerability has been rated as 8.2 (High), and it has been reported to be actively exploited by threat actors in the wild.
Notably, both of these vulnerabilities have been included in CISA’s Known Vulnerability Catalog, alongside the previously exploited vulnerabilities CVE-2024-21887 and CVE-2023-46805.
Ivanti has released fixed versions of the affected products: versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, and 22.5R1.1 for Ivanti Connect Secure and Ivanti Policy Secure, and ZTA version 22.6R1.3. Users of these products are strongly urged to upgrade to the latest versions in order to protect their systems from potential exploitation by threat actors.
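To check an appliance inventory against the fixed versions listed above, the following is an added example and not code from Ivanti or from the original article. It assumes version strings of the form `<major>.<minor>R<release>.<patch>` and that each fixed build covers only its own release train; the hostnames and the inventory are constructed.

```python
import re

# Fixed builds exactly as listed in the article above.
FIXED_BUILDS = {
    "ics_ips": ["9.1R14.4", "9.1R17.2", "9.1R18.3", "22.4R2.2", "22.5R1.1"],
    "zta": ["22.6R1.3"],
}

# Assumed format: <major>.<minor>R<release>[.<patch>], e.g. 9.1R14.4
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Split '9.1R14.4' into (train, patch) = ((9, 1, 14), 4)."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release)), int(patch or 0)


def patch_status(product, installed):
    """Compare against the fixed build of the same release train (assumption)."""
    train, patch = parse_version(installed)
    for fixed in FIXED_BUILDS[product]:
        fixed_train, fixed_patch = parse_version(fixed)
        if train == fixed_train:
            return "fixed" if patch >= fixed_patch else "needs_upgrade"
    # Train not mentioned in the article: do not guess, consult the advisory.
    return "check_advisory"


def audit(inventory):
    """Return (host, version, status) for every appliance that is not 'fixed'."""
    findings = []
    for host, product, version in inventory:
        try:
            status = patch_status(product, version)
        except ValueError:
            status = "unparseable"
        if status != "fixed":
            findings.append((host, version, status))
    return findings


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("vpn-gw-01.example.internal", "ics_ips", "9.1R18.3"),
    ("vpn-gw-02.example.internal", "ics_ips", "9.1R17.1"),
    ("nac-01.example.internal", "ics_ips", "22.3R1"),
    ("zta-gw-01.example.internal", "zta", "22.6R1.2"),
    ("vpn-gw-03.example.internal", "ics_ips", "unknown"),
]
```

Calling `audit(SAMPLE_INVENTORY)` returns only the appliances that need attention; a `check_advisory` result means the release train is not among those the article lists, so the vendor advisory decides.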
In light of these developments, Trustifi’s Advanced Threat Protection platform has been recommended as an essential defense measure. Trustifi uses sophisticated AI-powered email protection technology to prevent the widest spectrum of sophisticated cyber attacks before they reach a user’s mailbox. Interested parties are encouraged to take advantage of Trustifi’s Free Threat Scan to further bolster their cybersecurity defenses against such exploits.
