Pierluigi Paganini
April 04, 2024
Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS).
The list of vulnerabilities addressed by the company is reported below:
| CVE | Description | CVSS | Vector |
| CVE-2024-21894 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code | 8.2 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
| CVE-2024-22052 | A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2024-22053 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. | 8.2 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
| CVE-2024-22023 | An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
The vulnerabilities impact all supported versions – Version 9.x and 22.x.
The company is not aware of attacks in the wild exploiting vulnerabilities.
“We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.” reads the advisory.
In March 2024, Ivanti addressed a critical remote code execution vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), impacting Standalone Sentry solution.
An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
“An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.” reads the advisory.
This vulnerability affects all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also impacted.
The company urge customers to install the available versions 9.17.1, 9.18.1, and 9.19.1, which address the issue.
In early February, the Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways.
The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. Multiple threat actors are chaining these issues to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Ivanti)
