Ivanti.Connect.Secure.Policy.Secure.Authentication.Bypass

Description

This indicates an attack attempt to exploit a Authentication Bypass Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure Gateways.
The vulnerability is due to insufficient validation of user input. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target gateway. Successfully exploiting this vulnerability could result in the execution of arbitrary commands.

Outbreak Alert

Widespread exploitation of zero-day vulnerabilities affecting Ivanti Connect Secure and Policy Secure gateways underway.

View the full Outbreak Alert Report

Affected Products

Ivanti Connect Secure prior to 9.1R14x
Ivanti Connect Secure prior to 9.1R15x
Ivanti Connect Secure prior to 9.1R16x
Ivanti Connect Secure prior to 9.1R17x
Ivanti Connect Secure prior to 9.1R18x
Ivanti Connect Secure prior to 22.1R6x
Ivanti Connect Secure prior to 22.2R4x
Ivanti Connect Secure prior to 22.3R1x
Ivanti Connect Secure prior to 22.4R1x
Ivanti Connect Secure prior to 22.4R2x
Ivanti Connect Secure prior to 22.5R1x
Ivanti Connect Secure prior to 22.5R2x
Ivanti Connect Secure prior to 22.6R1x
Ivanti Connect Secure prior to 22.6R2x
ZTA prior to 22.5R1x
ZTA prior to 22.6R1x
Ivanti Policy Secure prior to 9.1R18x
Ivanti Policy Secure prior to 22.5R1x
Ivanti Policy Secure prior to 9.1R17x
Ivanti Policy Secure prior to 22.4R1x
Ivanti Policy Secure prior to 22.6R1x
Ivanti Policy Secure prior to 9.1R16x

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US