Information and coverage on the Ivanti Connect Secure (ICS) (CVE-2023-46805 & CVE-2024-21887)

9674

Created On 01/17/24 18:36 PM - Last Modified 01/24/24 07:39 AM

Vulnerability Protection

Threat Prevention

Strata

Question

Does Palo Alto Networks firewall provide information and coverage on the Ivanti Connect Secure (ICS) (CVE-2023-46805 & CVE-2024-21887)?

Palo Alto Networks provides the below vulnerability coverage for the Ivanti Connect Secure (ICS) (CVE-2023-46805 & CVE-2024-21887) that was released in Applications and Threat content update package version 8799
- Unique Threat ID: 94885 Ivanti Multiple Products Authentication Bypass Vulnerability
- Unique Threat ID: 94888 Ivanti Multiple Products Command Injection Vulnerability
- Unique Threat ID: 94886 Ivanti Multiple Products Command Injection Vulnerability

Ivanti released the below article on more information of both, CVE-2023-46805 & CVE-2024-21887
- https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CVE-2023-46805:
- An authentication bypass vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVE-2024-21887:
- A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. This vulnerability can be exploited over the internet.