Multiple vulnerabilities within Ivanti Connect Secure and Ivanti Policy Secure gateways


12:00am, 1 March 2024

TLP Rating: Clear

What's happening

Systems affected

The authoring organisations and industry partners have observed a variety of cyber threat actors persistently targeting these vulnerabilities:

The vulnerabilities can be used in a chain of exploits to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. Exploiting them may enable: 

  • lateral movement,  
  • data exfiltration,
  • web shell deployment,
  • credential theft (including domain administrators), and
  • persistent access on a target network. 

What this means

This joint advisory provides technical details on observed tactics used by these threat actors and indicators of compromise to help organisations detect malicious activity. All organisations using these devices should assume a sophisticated threat actor could gain persistence and remain dormant before launching an attack. Organisations are urged to exercise caution when assessing the risks of continuing to operate these devices. 

What to look for

How to tell if you're at risk

To help organisations understand the impact of this threat, the joint advisory includes key findings from testing conducted by CISA from an attacker’s perspective.

What to do

Prevention

“This advisory clearly shows that malicious actors are continuing to seek out, and actively exploit, vulnerabilities in commonly used technology and software,” says Rob Pope, Director CERT NZ, part of New Zealand's NCSC. 

“Businesses need to stay alert to these vulnerabilities and immediately follow all steps to mitigate or prevent attacks from happening. We strongly recommend that anyone working in the IT sector sign up for updates from their country’s cyber security agencies to stay ahead of the bad guys.” 

The NCSC, along with our partners, recommends that software manufacturers adopt secure-by-design and secure-by-default principles in their development practices. Following these principles will reduce the number and impact of avoidable vulnerabilities and insecure configurations that put organisations at risk. 

All organisations are urged to review the advisory and implement recommended actions and mitigations.