Threat Intelligence: Alert: Critical Ivanti VPN Vulnerabilities - D1defend

Threat Intelligence: Alert: Critical Ivanti VPN Vulnerabilities

Posted: January 24, 2024

Two critical vulnerabilities, identified as CVE-2024-21887 and CVE-2023-46805, are opening the door for data to be stolen, and they don’t stop there. They also allow existing files in your environment to be modified and remote files to be downloaded.

So please REMOVE COMPROMISED DEVICES from your network and immediately prepare for an upcoming patch. 

CISA has issued an emergency directive to mitigate all Ivanti 0-day vulnerabilities.

Quick Points: 

  • Vulnerabilities: CVE-2024-21887 (Command Injection) and CVE-2023-46805 (Authentication Bypass) 
  • Likelihood: Low to Medium. Approximately 15,000-20,000 VPN gateways are potentially exposed 
  • Impact: High. Potential for unauthenticated remote code execution, data theft, file modification, and reverse tunneling 
  • Current Mitigation IS UNSTABLE: Ivanti has released an XML file as a temporary workaround that IS UNSTABLE 
