- Posted March 01, 2024
The NCSC and CERT NZ have today joined international partners to release a cyber security advisory in response to the active exploitation of multiple vulnerabilities within Ivanti Connect Secure and Ivanti Policy Secure gateways.
The authoring agencies of this advisory include:
- The Cybersecurity and Infrastructure Security Agency (CISA)(external link)
- Federal Bureau of Investigation (FBI)(external link)
- Multi-State Information Sharing & Analysis Center (MS-ISAC)(external link)
- Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC)(external link)
- United Kingdom’s National Cyber Security Centre (NCSC)(external link)
- Canadian Centre for Cyber Security (Cyber Centre) a part of the Communications Security Establishment(external link)
The authoring organisations and industry partners have observed persistent targeting of these vulnerabilities by a variety of cyber threat actors. These vulnerabilities (CVE-2023-46805(external link), CVE-2024-21887(external link), CVE- 2024-22024(external link), and CVE-2024-21893(external link)) can be used in a chain of exploits to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. In turn, exploitation of these vulnerabilities may allow lateral movement, data exfiltration, web shell deployment, credential theft including domain administrators, and persistent access on a target network.
This joint advisory provides technical details on observed tactics used by these threat actors and indicators of compromise to help organisations detect malicious activity. All organisations using these devices should assume a sophisticated threat actor could achieve persistence and may lay dormant for a period of time before conducting malicious activity. Organisations are urged to exercise due caution in making appropriate risk decisions when considering whether to continue operating these devices.
“This advisory clearly shows that malicious actors are continuing to seek out, and actively exploit, vulnerabilities in commonly used technology and software," says Rob Pope, Director CERT NZ, a part of New Zealand's National Cyber Security Centre.
“Businesses need to stay alert to these vulnerabilities and immediately follow all steps to mitigate or prevent attacks from happening. We strongly recommend that anyone working in the IT sector sign up for updates from their country’s cyber security agencies to stay ahead of the bad guys.”
To assist organisations with understanding the impacts of this threat, the joint advisory provides key findings from a variety of tests conducted by CISA from an attacker’s perspective.
The NCSC-NZ, along with our partners, recommend that software manufacturers incorporate secure-by-design and -default principles and tactics into their software development practices. By aligning to these principles, we will reduce the prevalence and impact of avoidable vulnerabilities and insecure configurations that jeopardize the safety of organisations around the world.
All organisations are urged to review the advisory and implement recommended actions and mitigations.
For more NCSC updates, follow the NCSC on LinkedIn.(external link)