Threat Advisory

Critical Flaws Found in Ivanti Products Enable Remote Exploitation

Threat: Vulnerability
Criticality: High

EXECUTIVE SUMMARY:

Ivanti has addressed multiple critical vulnerabilities in its Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry products, which could lead to privilege escalation, remote code execution, and administrative access. Notably, CVE-2024-11639 is an authentication bypass vulnerability in the admin web console of Ivanti CSA that allows remote unauthenticated attackers to gain full administrative access. Other flaws include command injection and SQL injection vulnerabilities in CSA, as well as argument injection and insecure permissions issues in Connect Secure, Policy Secure, and Sentry.

 

  • CVE-2024-11772: A command injection vulnerability with a CVSS score of 9.1 affects the CSA admin console before 5.0.3, enabling remote code execution by authenticated admin-level users.

 

  • CVE-2024-11773: An SQL injection flaw with a CVSS score of 9.1 impacts the CSA admin console before 5.0.3, permitting arbitrary SQL statement execution by authenticated admin users.

 

  • CVE-2024-11633: An argument injection issue with a CVSS score of 9.1 exists in Connect Secure before 22.7R2.4, allowing remote code execution by authenticated admin users.

 

  • CVE-2024-11634: A command injection vulnerability with a CVSS score of 9.1 affects Connect Secure and Policy Secure before their respective updated versions, allowing authenticated admins to execute arbitrary commands.

 

  • CVE-2024-8540: An insecure permissions flaw with a CVSS score of 8.8 impacts Ivanti Sentry versions before 9.20.2, 10.0.2, and 10.1.0, allowing local authenticated attackers to modify critical application components.

 

The critical vulnerabilities in Ivanti products pose significant security risks, including remote code execution and administrative access. Prompt updates to the latest versions are essential to mitigate potential exploitation.

RECOMMENDATION:

We strongly recommend you update Ivanti products to below versions:

  • Ivanti Cloud Services Application(CSA) to 5.0.3
  • Ivanti Connect Secure (ICS) to 22.7R2.4
  • Ivanti Policy Secure (IPS) to 22.7R1.2
  • Ivanti Sentry to 9.20.2, 10.0.2, 10.1.0

REFERENCES:

The following reports contain further technical details:
https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html

crossmenu