/ivanti-VPN-issues-2024-research

Ivanti VPN Vulnerabilities for Jan - Feb 2024 - Links to Keep it all Organized

Ivanti VPN Issues 2024 Jan-Feb

CVE-2023-46805 and CVE-2024-21887 - disclosed Wed, Jan 10

| Resource Type | Link | Notes |
| --- | --- | --- |
| CVE | CVE-2023-46805 | Authentication Bypass |
| CVE | CVE-2024-21887 | Command Execution for Authn'd Admins |
| Vendor KB Article | KB-2023-46805-and-2024-21887 | |
| Exploit | Metasploit module | Chains together CVE-2023-46805 and CVE-2024-21887 |
| Blog Post | Ivanti Zero-day Vulnerabilities: CVE-2023-46805 & CVE-2024-21887 | Blog post by Caitlin Condon at Rapid7 |
| CISA Alert | Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways | CISA Alert 2024/01/10 |
| Blog | Ivanti Connect Secure Exploited to Install Cryptominers | GreyNoise blog on vuln monetization via cryptomining |

CVE-2024-21888 and CVE-2024-21893 - disclosed Wed, Jan 31

| Resource Type | Link | Notes |
| --- | --- | --- |
| CVE | CVE-2024-21888 | Privilege escalation in web interface from user to administrator |
| CVE | CVE-2024-21893 | SSRF allowing user-level access without authentication |
| Vendor KB Article | KB-CVE-2024-21888-and-21893 | |
| Press | Ivanti patches two zero-days under attack, but finds another | TechCrunch piece on third and fourth vulns |
| CISA Directive | CISA Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities | CISA Supplemental Directive updated for third and fourth vulns |
| Press | All federal civilian agencies ordered to disconnect at-risk Ivanti products by Friday | The Record by Recorded Future News reporting on the CISA directive |

CVE-2024-22024 - disclosed Friday 2/9/24

| Resource Type | Link | Notes |
| --- | --- | --- |
| Vendor KB | CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure | Ivanti Knowledge base article on fifth vulnerability |
| Exploit | Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure | unvetted PoC for CVE-2024-22024 |
| Press | Ivanti: Patch new Connect Secure auth bypass bug immediately | Bleeping Computer article on CVE-2024-22024 |
| Press | Ivanti discloses fifth vulnerability, doesn't credit researchers who found it | Register article on fifth vulnerability |
| Discoverer | Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti? | Watchtowr Labs article on discovering vuln |
| CVE | CVE-2024-22024 | Authentication Bypass via XXE in SAML |
| Press | Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor | Press re using CVE-2024-22024 to install the DSLog backdoor |
| Whitepaper / CERT Report | Ivanti Connect Secure: Journey to the core of the DSLog backdoor | Orange Cyberdefense paper on DSLog backdoor |

CVE and Vendor Knowledge Base Links by Vulnerability

| CVE Link | Type | Vendor KB |
| --- | --- | --- |
| CVE-2023-46805 | Authentication Bypass | KB-2023-46805-and-2024-21887 |
| CVE-2024-21887 | Command Execution for Authn'd Admins | KB-2023-46805-and-2024-21887 |
| CVE-2024-21888 | Privilege escalation in web interface from user to administrator | KB-CVE-2024-21888-and-21893 |
| CVE-2024-21893 | SSRF allowing user-level access without authentication | KB-CVE-2024-21888-and-21893 |
| CVE-2024-22024 | Authentication Bypass via XXE in SAML | KB-CVE-2024-22024 |