Ivanti has warned customers of a new security flaw that could allow attackers to bypass authentication. The vulnerability, CVE-2024-22024, has received a CVSS score of 8.3. Read this Cybersecurity Threat Advisory to learn the significant risk this threat poses to Ivanti customers and methods to minimize your exposure.
What is the threat?
The recently identified vulnerability, CVE-2024-22024, enables attackers to gain unauthorized access to systems and potentially manipulate crucial infrastructure. It affects specific editions of Ivanti’s Connect Secure VPN and Ivanti Policy Secure appliances. Ivanti has classified CVE-2024-22024 as an XML external entity (XXE) flaw. It stems from the SAML (Security Assertion Markup Language) component of Connect Secure, Ivanti Policy Secure, and zero trust access gateways. Successful exploitation could provide unauthorized access to specific restricted resources. Attackers can exploit this flaw remotely without prior access or user interaction, which poses a significant threat to organizations using Ivanti software.
Why is it noteworthy?
Ivanti software is used by organizations across many industries, which raises concern about the widespread negative impact this flaw could have on critical infrastructure. Any unauthorized access or manipulation could have severe consequences, including operational disruptions and data breaches.
What is the exposure or risk?
CVE-2024-22024 poses significant risk to organizations using Ivanti software due to the possibility of unauthorized access and manipulation of critical systems. This could lead to operational disruptions, data breaches, and compromise of sensitive information. Moreover, the widespread use of Ivanti software across various industries increases the potential attack surface and impact of this vulnerability.
What are the recommendations?
Barracuda MSP recommends taking the following actions to mitigate the risk:
- Apply patches released by Ivanti as soon as they become available to decrease the chance of exploitation.
- Ensure that Ivanti devices are updated with the latest security measures and configurations. This includes enabling multi-factor authentication, enforcing strong password policies, and implementing network segmentation.
- Implement robust monitoring solutions to detect and respond to any suspicious activity or attempted unauthorized access to Ivanti devices. This includes monitoring logs, network traffic, and system activity for any indicators of compromise.
- Educate employees and users about the security implications. Provide best practices to secure authentication and access management.
- Conduct regular security audits and assessments of Ivanti devices to identify and remediate any potential vulnerabilities or misconfigurations that could be exploited by attackers.
- Employ a defense-in-depth approach by implementing multiple layers of security controls, including firewalls, intrusion detection systems, and endpoint protection, to mitigate the risk of unauthorized access and exploitation of the identified security flaw.
- Engage with Ivanti’s support services to receive guidance and assistance in implementing recommended security measures and applying patches to address the identified security flaw.
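As an added example (not part of the original advisory and not Ivanti's guidance): because the flaw is an XXE in SAML handling, one log-monitoring check is to decode SAML parameters captured by a reverse proxy or WAF and flag any that carry a DTD, on the assumption that legitimate SAML messages contain none. The record layout (`src`, `body`), the function names and the sample data are constructed for illustration.

```python
import base64
import re
import zlib
from urllib.parse import parse_qs

# Any DTD or entity declaration is the precondition for XXE, so flag either.
DTD_MARKERS = re.compile(rb"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)
SAML_PARAMS = ("SAMLRequest", "SAMLResponse")
MAX_INFLATE = 1 << 20  # cap inflated size so one log entry cannot exhaust memory

def decode_saml(value):
    """Return candidate XML byte strings for one base64 SAML parameter."""
    value = value.replace(" ", "+")  # an unescaped '+' is form-decoded as a space
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4))
    except ValueError:
        return []
    candidates = [raw]
    try:  # the HTTP-Redirect binding applies raw DEFLATE before base64
        candidates.append(zlib.decompressobj(-15).decompress(raw, MAX_INFLATE))
    except zlib.error:
        pass
    # Dropping NUL bytes lets the ASCII pattern also match UTF-16/UTF-32 XML.
    return [c.replace(b"\x00", b"") for c in candidates]

def suspicious_saml(body):
    """True if a SAML parameter in a form-encoded body or query carries a DTD."""
    params = parse_qs(body, keep_blank_values=True)
    values = [v for name in SAML_PARAMS for v in params.get(name, [])]
    return any(DTD_MARKERS.search(x) for v in values for x in decode_saml(v))

def flag_requests(records):
    """Return the source addresses of records whose SAML payload has a DTD."""
    return [r["src"] for r in records if suspicious_saml(r["body"])]

def _form(xml, deflate=False):
    """Build a constructed form body; base64 is left unescaped on purpose."""
    if deflate:
        comp = zlib.compressobj(wbits=-15)
        xml = comp.compress(xml) + comp.flush()
    return "SAMLRequest=" + base64.b64encode(xml).decode()

# Constructed sample records (documentation addresses, not real traffic).
PLAIN = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_c1"/>'
WITH_DTD = b'<!DOCTYPE r [<!ENTITY e "constructed">]><r>&e;</r>'
SAMPLE = [{"src": "192.0.2.10", "body": _form(PLAIN)},
          {"src": "198.51.100.7", "body": _form(WITH_DTD)},
          {"src": "203.0.113.5", "body": _form(WITH_DTD, deflate=True)}]
```

A hit is a lead for investigation rather than proof of compromise, and the check only sees requests whose bodies were actually logged.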
References
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2024/02/warning-new-ivanti-auth-bypass-flaw.html
- https://labs.watchtowr.com/are-we-now-part-of-ivanti/
- https://www.theregister.com/2024/02/09/ivanti_discloses_fifth_ics_vulnerability/
If you have any questions regarding this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.