CISA, U.S., and International Partners Warn of Ongoing Exploitation of Multiple Ivanti Vulnerabilities

Home / Articles / External / Government

Source: Shutterstock

March 5, 2024 | Originally published by CISA on February 29, 2024

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC), United Kingdom’s National Cyber Security Centre (NCSC), Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment, and New Zealand’s National Cyber Security Centre (NCSC-NZ) and Computer Emergency Response Team (CERT-NZ) released a Cybersecurity Advisory (CSA) today in response to the active exploitation of multiple vulnerabilities within Ivanti Connect Secure and Ivanti Policy Secure gateways.

The authoring organizations and industry partners have observed persistent targeting of these vulnerabilities by a variety of cyber threat actors. These vulnerabilities (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) can be used in a chain of exploits to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. In turn, exploitation of these vulnerabilities may allow lateral movement, data exfiltration, web shell deployment, credential theft including domain administrators, and persistent access on a target network.