Published on 11 Jan 2024
Users and administrators with impacted systems are advised to disconnect and isolate the impacted appliance(s) from the networks and any enterprise resources to the greatest degree possible. They are also advised to run the external Integrity Checker Tool (ICT) to identify potential signs of compromise.
Ivanti has announced that patches will be released in a staggered schedule. Users and administrators of affected Ivanti products should download and apply the official patch immediately. If a previous mitigation (XML file) was applied before the patch, it can be removed once the patch has been applied. The mitigation removal XML process can be found in the download portal at https://forums.ivanti.com/s/product-downloads.
If a patch is not yet available for a vulnerable appliance, users and administrators are advised to apply the mitigation patch (by importing the mitigation.release.20240126.5.xml file) after the upgrade has been completed. Note that applying the XML file may impact the functionality and features of an appliance, including SAML authentication.
Refer to this advisory for immediate actions to take to protect against multiple zero-day vulnerabilities in Ivanti products.
Ivanti has disclosed two zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) that are being actively exploited.
The vulnerabilities are:
The aforementioned vulnerabilities affect Ivanti Connect Secure and Ivanti Policy Secure versions 9.x and 22.x.
Ivanti has announced that patches will be released in a staggered schedule, with the first version targeted to be available to users and administrators in the week of 22 January 2024 and the final version targeted to be available in the week of 19 February 2024.
In the meantime, users and administrators of affected product versions are advised to apply the mitigation measures by importing the mitigation.release.20240107.1.xml file via the Ivanti download portal. Instructions on how to implement the mitigation and the possible impact on services are available here: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
More information is available here: