Mitigation Instructions for CVE-2024-21887

Written by CyRisk Vulnerability Management Team | Feb 23, 2024 9:41:49 PM

SUBJECT: Mitigation for Ivanti Connect Secure and Policy Secure Command Injection Vulnerability (CVE-2024-21887)

TECH STACK: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x)

DATE(S) ISSUED: 01/12/2024

NVD Last Modified: 01/22/2024

CRITICALITY: HIGH (CVSS Score: 9.1)

OVERVIEW: 

This vulnerability affects Ivanti Connect Secure and Policy Secure versions 9.x and 22.x. It allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance, potentially compromising data, installing backdoors, or launching further attacks.

SOLUTION/MITIGATION: 

Immediate Action:

  1. Upgrade: Apply the latest patch from Ivanti. As of the date of this notice, the patched versions are:

     • Ivanti Connect Secure: 22.3
     • Ivanti Policy Secure: 22.3

  2. Rotate application key: Even after upgrading, change your application key to minimize the risk of attackers exploiting previously compromised keys.

Additional Protective Measures:

  1. Input Validation and Sanitization: Implement strong input validation and sanitization, especially for user-provided data, to prevent attackers from injecting malicious code.
  2. Content Security Policy (CSP): Enable CSP to restrict the types of scripts and resources that can be loaded on your website, further hindering attackers' attempts to execute malicious code.
  3. Least Privilege: Grant users only the minimum privileges necessary for their roles.
  4. Network Segmentation: Segment your network to isolate critical systems and minimize the potential impact of an attack.
  5. Regular Backups: Maintain regular backups of your data to facilitate recovery in case of an attack.
  6. Security Awareness Training: Train your administrators on secure coding practices and how to identify and avoid phishing attacks.

Confirmation & Additional Information:

  • Verify that the vulnerability is no longer present after applying the patch using a vulnerability scanner or manual testing.
  • This guide is intended for informational purposes only and should not be considered a substitute for professional security advice.
  • It is important to consult with a qualified security professional to assess your specific risks and implement appropriate mitigation measures.
  • Regularly update your systems and applications to stay protected against the latest vulnerabilities.

REFERENCES: