QID 731074
Date Published: 2024-01-11
QID 731074: Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Multiple Vulnerabilities
Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure Gateway contain the following vulnerabilities:
- CVE-2023-46805: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
- CVE-2024-21887: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Ivanti Connect Secure (ICS) versions 9.x and 22.x
NOTE:
This QID does not check for applied mitigation.
Patched version has not been released by vendor yet.
QID Detection Logic (Unauthenticated):
This QID assesses whether a susceptible version is installed. It examine the endpoint "/api/v1/configuration/users/user-roles/user-role/rest-userrole1/web/web-bookmarks/bookmark" and confirming if it returns a 403 Forbidden status code with no accompanying response data.
This QID checks for installed vulnerable version of Ivanti Connect Secure (ICS) and Ivanti Policy Secure by sending GET request to endpoint "dana-na/nc/nc_gina_ver.txt".
Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to transmit malicious requests and execute arbitrary commands on a targeted system.
Please refer to Workaround details to mitigate this vulnerability.
CVEs related to QID 731074
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| 000090122 |
forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US |