overview
This week, Ivanti patched two critical vulnerabilities, tracked as CVE-2023-41724 (CVSS 9.6) and CVE-2023-46808 (CVSS 9.9). The first vulnerability, CVE-2023-41724, impacts Ivanti Standalone Sentry, a gateway appliance utilized by organizations for various functions including interfacing with ActiveSync-enabled email servers and serving as a Kerberos Key Distribution Center Proxy (KKDCP) server.
CVE-2023-41724 is a Remote Code Execution (RCE) flaw that could allow an unauthenticated attacker within the same network to execute arbitrary commands on the appliance's operating system. Although Ivanti has not received reports of customer compromises, the company strongly advises all users to apply the provided patch immediately to mitigate any potential risks. The patch, available for all supported versions (9.17.0, 9.18.0, and 9.19.0), can be downloaded from the standard portal.
CVE-2023-46808 impacts Ivanti Neurons for ITSM, an IT service management solution. The vulnerability could allow an authenticated remote attacker to write files to sensitive directories, potentially leading to the execution of arbitrary commands within the context of the web application's user. Ivanti advises organizations to upgrade their on-premise installations to versions that have the fix (v2023.3, 2023.2, or 2023.1) as soon as possible.
Although CVE-2023-41724 and CVE-2023-46808 have not been exploited in the wild, Avertium strongly advises all users to promptly apply the patches. Particularly in light of recent reports indicating exploitation attempts targeting Ivanti software by suspected cyber espionage clusters with ties to China.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-41724 and CVE-2023-46808. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION