Flash Notice: Two Critical Vulnerabilities Patched by Ivanti

overview

This week, Ivanti patched two critical vulnerabilities, tracked as CVE-2023-41724 (CVSS 9.6) and CVE-2023-46808 (CVSS 9.9). The first vulnerability, CVE-2023-41724, impacts Ivanti Standalone Sentry, a gateway appliance utilized by organizations for various functions including interfacing with ActiveSync-enabled email servers and serving as a Kerberos Key Distribution Center Proxy (KKDCP) server.  

CVE-2023-41724 is a Remote Code Execution (RCE) flaw that could allow an unauthenticated attacker within the same network to execute arbitrary commands on the appliance's operating system. Although Ivanti has not received reports of customer compromises, the company strongly advises all users to apply the provided patch immediately to mitigate any potential risks. The patch, available for all supported versions (9.17.0, 9.18.0, and 9.19.0), can be downloaded from the standard portal. 

CVE-2023-46808 impacts Ivanti Neurons for ITSM, an IT service management solution. The vulnerability could allow an authenticated remote attacker to write files to sensitive directories, potentially leading to the execution of arbitrary commands within the context of the web application's user. Ivanti advises organizations to upgrade their on-premise installations to versions that have the fix (v2023.3, 2023.2, or 2023.1) as soon as possible.  

Although CVE-2023-41724 and CVE-2023-46808 have not been exploited in the wild, Avertium strongly advises all users to promptly apply the patches. Particularly in light of recent reports indicating exploitation attempts targeting Ivanti software by suspected cyber espionage clusters with ties to China. 

avertium's recommendationS

• Ivanti’s advisory states that there is a patch available via the standard download portal for Ivanti Standalone Sentry Supported Release (9.17.1, 9.18.1 and 9.19.1).  
• To access the patch, login to the standard download portal. You may find further instruction in Ivanti’s advisory.  

• Ivanti’s advisory states that the hotfix has been applied to all Ivanti Neurons for ITSM landscapes. 
• For on premise customers, there is a patch available on the Ivanti Neurons for ITSM Downloads page for each respective 2023.X version. This will require upgrading to 2023.X to apply the patch. You may find further instruction in Ivanti’s advisory.  

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-41724 and CVE-2023-46808. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
  • Risk Assessments 
  • Pen Testing and Social Engineering  
  • Infrastructure Architecture and Integration  
  • Zero Trust Network Architecture 
  • Vulnerability Management 

• We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 

SUPPORTING DOCUMENTATION