Ivanti Neurons for ITSM Authenticated Remote File Write Vulnerability (CVE-2023-46808)

Qualys Security Advisory

Ivanti Neurons for ITSM is vulnerable to a critical flaw tracked as CVE-2024-46808. Successful exploitation of the vulnerability may allow an attacker to write files to sensitive directories.

Ivanti has mentioned in the advisory that there are no reports of any exploitation attempts of the vulnerability.

Ivanti Neurons for ITSM is a cloud-based IT service management (ITSM) platform that can help businesses become more efficient, secure, and compliant. Ivanti Neurons for ITSM is designed to expand with user’s increasing needs. It is available as a perpetual or subscription-based license per asset and analyst.

Vulnerability Description

An attacker must be authenticated to exploit the vulnerability. A remote user can write files to the ITSM server by exploiting the vulnerability. An authenticated remote attacker may write files to sensitive directories, allowing attackers to execute commands in the web application’s user context.

Affected versions

This vulnerability impacts Ivanti Neurons for ITSM versions 2023.3, 2023.2, and 2023.1.

Mitigation

Ivanti has released a hotfix, which has been applied to all Ivanti Neurons for ITSM landscapes cloud customers.

For On-Premise Customers: A patch is available on the Ivanti Neurons for ITSM Downloads page for each 2023.X version. This will require upgrading to 2023.X to apply the patch.

Please refer to the Knowledge Base Article for more information regarding accessing and applying the remediations.

Qualys Detection

Qualys customers can scan their devices with QID 379527 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM?language=en_US
https://forums.ivanti.com/s/article/CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM?language=en_US

READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *