Ivanti patches critical flaws in multiple products

Probably the most severe of these flaws is a critical authentication bypass vulnerability in vTM, tracked as CVE-2024-7593.

This flaw could allow malicious actors to bypass authentication and gain full administrative control over affected systems.

According to the company, the vulnerability stems from an incorrect implementation of an authentication algorithm in the vTM software, which could be exploited by remote attackers.

While Ivanti has confirmed no known exploitation attempts so far, the availability of public exploit code has heightened concerns.

“We’re not aware of any customers being exploited by this vulnerability at the time of disclosure. However, a Proof of Concept is publicly available, and we urge customers to upgrade to the latest patched version,” Ivanti said in a security advisory.

This vulnerability has been addressed in vTM versions 22.2R1 (affected version 22.2) and 22.7R2 (affected version 22.7R1). Updates for other versions are scheduled for release in the coming days.

Ivanti advises administrators to carefully review audit logs for any suspicious activity, such as the creation of new administrator accounts named “user1” or “user2.”

To mitigate risks, the company recommends restricting access to the vTM management interface to internal networks or private IP addresses.

This can be done by navigating to System > Security and selecting the desired IP address or restricting access to trusted IP addresses in the ‘bindip’ dropdown.

“Customers who’ve ensured their management interface is bound to an internal network or private IP address have significantly reduced their attack surface. It’s industry best practice and advised by Ivanti in the network configuration guidance to restrict access to the management interface,” the company said.
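The two checks Ivanti recommends above (looking for newly created “user1”/“user2” administrator accounts, and keeping the management interface off public addresses), as an added example that is not from Ivanti or the original article. The key=value log layout, field names and sample lines are constructed assumptions; map them to the fields in your own vTM audit log.

```python
import ipaddress
import re

# Account names the advisory says to look for in the audit log.
SUSPECT_NAMES = {"user1", "user2"}

# RFC 1918, loopback and IPv6 unique-local ranges treated as "internal".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]

# Constructed sample lines. The key=value layout is an assumption, not the
# documented vTM audit log format; adapt FIELD_RE and the keys to the real log.
SAMPLE_LOG = """\
[2024-08-10 09:12:01] user=admin ip=10.0.5.20 op=login
[2024-08-10 09:14:37] user=unknown ip=203.0.113.10 op=adduser moduser=user1 modgroup=admin
[2024-08-10 09:20:11] user=admin ip=10.0.5.20 op=adduser moduser=jsmith modgroup=monitoring
[2024-08-10 09:21:45] user=unknown ip=203.0.113.10 op=adduser moduser=User2 modgroup=admin
"""
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def is_internal(addr):
    """True only for a specific private or loopback address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # "*", hostnames, empty values: treat as not restricted
    if ip.is_unspecified:  # 0.0.0.0 or :: listens on every interface
        return False
    return any(ip in net for net in INTERNAL_NETS)

def suspicious_account_events(log_text):
    """Return (line_no, new_account, source_ip, reasons) for flagged creations."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        f = dict(FIELD_RE.findall(line))
        if f.get("op") != "adduser":
            continue
        reasons = []
        if f.get("moduser", "").lower() in SUSPECT_NAMES:
            reasons.append("advisory-listed account name")
        if not is_internal(f.get("ip", "")):
            reasons.append("created from non-internal address")
        if reasons:
            hits.append((n, f.get("moduser"), f.get("ip"), reasons))
    return hits

if __name__ == "__main__":
    print(suspicious_account_events(SAMPLE_LOG), is_internal("0.0.0.0"))
```

The same `is_internal` helper can be pointed at the address selected in ‘bindip’: a wildcard or public value means the management interface is still reachable beyond the internal network.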

In addition to the vTM vulnerability, Ivanti has addressed critical and high-severity flaws in its Neurons for IT Service Management (ITSM) software.

CVE-2024-7569, a critical information disclosure vulnerability, could allow attackers to access sensitive data, while CVE-2024-7570, a high-severity bug, could enable remote attackers to bypass authentication and gain unauthorised access to ITSM systems.

“These issues only impact customers who utilize Ivanti Neurons for ITSM with OIDC authentication,” Ivanti said.

“The patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes as of August 4. No further action is required for cloud customers, we strongly urge on-prem customers to act immediately to ensure they’re fully protected,” it added.

In addition to these bugs, Ivanti has patched five high-severity vulnerabilities in its Avalanche enterprise mobility and management tool, which could potentially lead to denial of service, remote code execution, and other malicious actions.

These flaws are the latest in a string of security issues plaguing Ivanti’s product line.

In April, Ivanti released security patches to fix four critical vulnerabilities affecting its Connect Secure and Policy Secure gateways. The flaws (CVE-2024-21894, CVE-2024-22052, CVE-2024-22053 and CVE-2024-22023) posed a significant risk to businesses, including potential code execution and denial-of-service attacks.

In February, the company patched a critical authentication bypass flaw affecting Ivanti Connect Secure, Policy Secure, and ZTA gateways, which was actively exploited by cybercriminals.

Moreover, Ivanti VPN appliances have been under relentless attack since December 2023 due to a combination of vulnerabilities, including CVE-2023-46805 and CVE-2024-21887. These zero-day exploits have allowed attackers to bypass authentication and execute malicious commands.
