Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805 and CVE-2024-21887)

FortiGuard Security Advisory

What is the Vulnerability?
Ivanti published an advisory on Jan 10, 2024 on two vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and a command injection, respectively, in the web component of the affected applications. According to the vendor advisory, chaining these vulnerabilities may allow attackers to run commands on the compromised system without authentication. Both vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

What is the Vendor Solution?

At the time of posting, no patch is available; Ivanti has released workarounds because the two new vulnerabilities are being actively exploited in the wild. FortiGuard Labs strongly recommends that users apply patches as soon as they are made available and track the vendor advisory for any updates.

What FortiGuard Coverage is available?

FortiGuard Labs is investigating IPS signature protection and should release it as soon as it becomes available. Please note: any new updates will be added to this Threat Signal.
FortiGuard Labs recommends that companies follow the mitigation steps released by the vendor and track the patch schedule for the affected systems.