pentera.io
141.193.213.10
Public Scan
Submitted URL: https://go.pentera.io/e3t/Ctc/RG+113/cySQt04/VWdG7083WbN4W7cN_0q1BhVxtW6rg8CD59jq4PN1sYgZn3lYMRW7Y8-PT6lZ3m2W4q8Cs-3CM...
Effective URL: https://pentera.io/blog/ivanti-zero-day-vulnerabilities-understand-your-impact/?utm_medium=email&_hsmi=293309648&_h...
Submission: On February 09 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/4700023/977ade25-3cae-49d7-b4e2-302aa270f3bb
Text Content
February 7, 2024

IVANTI ZERO-DAY VULNERABILITIES: UNDERSTAND YOUR IMPACT

IVANTI GROUND ZERO

On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting its Ivanti Connect Secure and Ivanti Policy Secure products in supported versions (9.x and 22.x). Successful exploitation can result in authentication bypass and command injection, leading to unauthenticated remote code execution and lateral movement inside the victim’s network.

Then on January 31, 2024, Ivanti disclosed two more vulnerabilities that were discovered while investigating the previous two flaws: a privilege escalation vulnerability tracked as CVE-2024-21888 and a Server-Side Request Forgery (SSRF) in the SAML component, tracked as CVE-2024-21893. The latter can allow attackers to access restricted resources without authentication and was also exploited as a zero-day.

“We have no evidence of customers being impacted by CVE-2024-21888 at this time, and we are aware of a limited number of customers impacted by CVE-2024-21893,” the company said. Exploitation is expected to rise, however: “Ivanti expects the threat actor to change their behavior and we expect a sharp increase in exploitation.”

Mitigation was introduced on February 1, 2024, when fixed versions were made available for all impacted products.
However, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a directive to all federal agencies to disconnect the impacted Ivanti products from their networks by end of Friday, February 2, 2024 and perform additional forensic analysis and clean-up steps in case they’ve already been compromised.

In this blog, we explain how adversaries exploit the Ivanti CVE-2023-46805 and CVE-2024-21887 vulnerabilities. We then show how security teams can use Pentera to determine their organizations’ risk exposure resulting from these CVEs and what remediation or mitigation actions they need to take.

WHY THE IVANTI VULNERABILITIES MATTER

The recent discovery of two critical vulnerabilities in Ivanti’s security suite – CVE-2023-46805 and CVE-2024-21887 – has sent ripples through the cybersecurity landscape. Ivanti Connect Secure and Ivanti Policy Secure, affected by these issues, play crucial roles in securing corporate data and controlling network access. Their compromise exposes both external and internal assets, further complicating mitigation and remediation efforts.

The two vulnerabilities announced earlier this month, tracked as CVE-2023-46805 and CVE-2024-21887, allow threat actors to establish persistent system access and move laterally across a target network while performing data exfiltration operations.

At the heart of the problem is the dual functionality of the affected Ivanti products. Ivanti Connect Secure facilitates employee access to critical resources from a range of external devices, while Ivanti Policy Secure serves as a Network Access Control (NAC) solution, granting internal network access solely to authorized devices and users. With vulnerabilities present across both systems, attackers can exploit them to gain unauthorized access from outside the organization to its internal network.
This situation presents a dual risk: externally, through compromised access, and internally, by circumventing controls designed to protect the network from unauthorized access. This combination of vulnerabilities highlights the need for continuous security control validation that covers both external entry points and internal network access controls, ensuring existing protections are effective against such complex threats.

TESTING THE IMPACT OF THE IVANTI VULNERABILITIES WITH PENTERA

To grasp the real-world impact of the Ivanti vulnerabilities, it’s crucial to assess not only their exploitability but also the actions an attacker could undertake to propagate an attack and compromise sensitive resources post-exploitation. Pentera does just this, in a fully automated manner, on-demand across an organization’s entire infrastructure.

The Pentera Platform automatically uncovers real exposure in the organization’s environment, challenging the complete IT attack surface—including internal, external, and cloud components—by safely emulating attacker behavior, to deliver real-time security validation at scale.

To identify the impact of CVE-2023-46805 and CVE-2024-21887, Pentera starts with the discovery of the organization’s digital estate. As seen in image 1 below, Pentera discovered an Ivanti product and effectively exploited the two vulnerabilities, enabling remote code execution on the targeted host machine.

Image 1 – CVE-2023-46805 and CVE-2024-21887 Successful Exploitation

Yet, the demonstration of successful exploitation marks only the beginning. Attackers don’t stop at exploitation – they double down, unleashing sophisticated attacks. Bearing this in mind, Pentera extends automation to post-exploitation testing, demonstrating how an attacker will propagate their attack after gaining an initial foothold in the network.
This encompasses the execution of advanced Tactics, Techniques, and Procedures (TTPs):

* Remote Code Execution (RCE) and Defense Evasion: Pentera executes code remotely on a system while employing defense evasion strategies to circumvent antivirus (AV) and endpoint detection and response (EDR) systems.
* Privilege Escalation: Pentera uses multiple techniques to attempt a transition from low-privilege user access to elevated privileges.
* C&C Communication: After establishing a Command & Control (C&C) channel, Pentera tests the ability of an attacker to use it, by mimicking C&C communications.
* Data Exfiltration: To achieve unauthorized data transfer from a network to an attacker-controlled location, Pentera emulates exfiltration techniques.

Image 2 – Attack Map

Image 2 illustrates Pentera’s achievement of a full attack kill-chain that exploits the two Ivanti CVEs.

* The root cause of the attack is exploitation of the Ivanti Authentication Bypass vulnerability, which allows access to the host.
* The attack then exploits the RCE vulnerability to execute code remotely on the host, initiating contact with the Command and Control (C&C) Server for a malicious executable download.
* Pentera emulates various adversary tactics to reinforce the foothold on the network, leveraging local privilege escalation to intensify potential damage.

CONCLUSION & RECOMMENDATIONS

Organizations using Ivanti’s products should heed the recommended mitigations and stay informed about patch releases. We recommend following the guidance outlined in the Ivanti blog post on this activity. Ivanti customers are urged to implement mitigation as soon as possible and to follow the post for upcoming patch release schedules. Ivanti recommends that customers awaiting patches apply the mitigation and run Ivanti’s external Integrity Checker Tool (ICT) to check for evidence of exploitation.
For Pentera customers – look for findings in your upcoming security validation test runs indicating that CVE-2023-46805 and CVE-2024-21887 were found and proven exploitable in your network. We also recommend running a follow-up test if you see such findings, to validate that any mitigation or remediation steps taken are effective.

Get your Pentera security readiness assessment to identify exposure and test your defenses against the Ivanti vulnerabilities.

Written by: Or Smolnik