CISA, U.S. and International Partners Warn of Ongoing Exploitation of Multiple Ivanti Vulnerabilities

Summary:

A joint advisory has been released by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and other international authorities to provide guidance on detecting exploitation activity, recommended actions, and mitigations related to the active exploitation of multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The advisory provides technical details on observed tactics used by threat actors and indicators of compromise to help organizations detect malicious activity. The vulnerabilities, including CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, can be used to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges, allowing lateral movement, data exfiltration, and persistent access on a target network. Organizations are urged to exercise due caution, patch, and take other recommended actions to address the vulnerability, especially those in critical infrastructure sectors.