CVE-2023-41724 was reported by NATO Cyber Security Centre, indicating NATO’s interest/vulnerability research on Ivanti products and maybe even a possible connection to Endpoint Manager Mobile (EPMM) zero-days CVE-2023-35078 (10.0 critical, NVD 9.8) and CVE-2023-35081 (7.2 high) used to compromise NATO member Norway in July 2023.

#Ivanti #vulnerability #CVE_2023_41724 #CVE_2023_46808 #IvantiSentry #IvantiNeurons

Why you should care about CVE-2023-41724 and CVE-2023-46808:
Previous Ivanti Connect Secure zero-days were exploited by Chinese state-sponsored APTs since at least December 2023. The attackers were able to maintain persistence even after factory resetting devices, and had webshells in directories that the internal integrity checking tool didn't scan. Even CISA, who put out an Emergency Directive instructing U.S. federal civilian executive branch agencies to disconnect Ivanti Connect Secure products from their networks, was compromised themselves and forced to take two systems offline, according to The Record.

CISA forced to take two systems offline last month after Ivanti compromise

Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said.

Ivanti security advisories:

  • CVE-2023-41724 (9.6 critical) RCE in Ivanti Standalone Sentry
  • CVE-2023-46808 (9.9 critical) Authenticated Remote File Write for Ivanti Neurons for ITSM

There is a patch available now via the standard download portal. We strongly encourage on-prem customers to act immediately to ensure they are fully protected. We are not aware of any customers being exploited by this vulnerability at the time of disclosure.

Ivanti Community