
Ivanti Connect Secure and Policy Secure Gateways: New Vulnerabilities Exploited

By: Emmanuel Abara Benson
Published: January 12, 2024 at 2:19 am EST

The recent discovery of two new vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways has raised significant cybersecurity concerns. These vulnerabilities, tracked as CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection), have been exploited by threat actors, who chain them to bypass authentication and execute commands on the appliance. They are rated high and critical severity, with CVSS scores of 8.2 and 9.1, respectively.

Active Exploitation and Its Consequences

Active exploitation of these vulnerabilities, attributed to a threat actor tracked as UTA0178, has been detected in the wild. The attackers, suspected to be linked to a Chinese nation-state actor, have used these security flaws to steal configuration data, establish reverse tunnels, and circumvent the appliance's integrity checks. The threat actors also implanted a backdoor in a CGI file and modified JavaScript files to capture login credentials, revealing a sophisticated operation.

Exploring the Attackers’ Techniques

The attackers have demonstrated a range of techniques after exploiting these vulnerabilities, including using a curl command for outbound connections, establishing reverse SOCKS proxy and SSH connections, and routing their activity through compromised Cyberoam appliances. Their activities include lateral movement using stolen credentials and transferring webshell variants to other servers. However, some of the files they executed were no longer present at the time of analysis. Notably, specific paths were found to be excluded from the list checked by the Integrity Checker Tool, which allowed modifications there to go undetected and points to evasive measures.

The Response from Ivanti

Upon recognizing the severity of these vulnerabilities, Ivanti released a security advisory and patched versions of the products to mitigate these issues. Notably, Ivanti Neurons for ZTA gateways are reportedly not exploitable in production. This response aims to reduce the potential damage caused by these vulnerabilities and protect its customers from further exploitation.

Moreover, to aid organizations in assessing the security of their digital systems, Kelltron is now offering cost-effective penetration testing services. They are also providing a free demo to demonstrate the effectiveness of their approach.

While this incident serves as a stark reminder of the constant cybersecurity threats faced by organizations, it also underlines the importance of proactive measures and timely responses to ensure the security of digital systems.

Emmanuel Abara Benson

Emmanuel Abara Benson, an esteemed international correspondent, has spent years delving deep into the dynamics of African economies. He embarked on his journalistic journey with noteworthy contributions to leading outlets such as Naira Metrics, Business Insider Africa, and Business Elites. Serving as a voice for African stories, Emmanuel offers captivating and in-depth insights that resonate with both local and international audiences. A respected figure in the field, his unwavering dedication shines through his meticulous research and thoughtful commentary. With a keen eye for detail, Emmanuel delivers a well-rounded and enlightening view on African issues, establishing him as a trusted news source from the continent. Beyond mere news dissemination, he's driven by a passion to enhance global comprehension of Africa and champion its progress.

