Two critical vulnerabilities, identified as CVE-2024-21887 and CVE-2023-46805, open the door to data theft. They also allow existing files in your environment to be modified and remote files to be downloaded.
So please REMOVE COMPROMISED DEVICES from your network and immediately prepare for an upcoming patch.
CISA has issued an emergency directive to mitigate all Ivanti 0-day vulnerabilities.
Quick Points:
Vulnerabilities: CVE-2024-21887 (Command Injection) and CVE-2023-46805 (Authentication Bypass)
Likelihood: Low to Medium. Approximately 15,000-20,000 VPN gateways are potentially exposed
Impact: High. Potential for unauthenticated remote code execution, data theft, file modification, and reverse tunneling
Current Mitigation IS UNSTABLE: Ivanti has released an XML file as a temporary workaround