Voyager18 (research)

CISA confirms Ivanti vulnerability exploitation: What we know

Unveiling the impact of the CISA breach through Ivanti vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893): A call to action for enhanced cyber security and immediate vulnerability patching

Yair Divinsky | March 12, 2024

In the wake of recent events, it has become increasingly evident that the vulnerabilities plaguing Ivanti products pose significant risks to organizations, with even governmental agencies falling prey to exploitation.  

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that it was breached through vulnerabilities in Ivanti products, shedding light on the urgency of addressing these issues promptly. 

Here’s what we know so far: 

TL;DR

A breach at the Cybersecurity and Infrastructure Security Agency (CISA), attributed to vulnerabilities in Ivanti products (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893), has highlighted significant security risks. Critical systems were compromised, raising concerns about national security and the integrity of sensitive information.


Ivanti vulnerabilities exploited

Reports from The Record indicate that CISA took two systems offline last month following a breach attributed to vulnerabilities in Ivanti products, specifically CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.  

Hackers exploited these vulnerabilities, compromising systems crucial to the agency’s operations. Although CISA has remained tight-lipped about the specifics of the breach, it has been disclosed that the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT) were among the systems affected.  

These systems house critical information concerning the interdependency of U.S. infrastructure and private sector chemical security plans, respectively. 


The impact of the breach

The breach raises concerns about the integrity of sensitive industrial information stored within the compromised systems.  

While CISA reassures that there is no operational impact at present, the potential repercussions of such breaches on national security cannot be understated.  

To emphasize this point, consider the remarkably high EPSS scores of the three CVEs (EPSS estimates the probability that a vulnerability will be exploited in the wild within the next 30 days; the percentile ranks that score against all other scored CVEs):

EPSS in focus

CVE-2024-21893: EPSS 0.962490000, percentile 0.994810000

CVE-2024-21887: EPSS 0.973020000, percentile 0.998570000

CVE-2023-46805: EPSS 0.962740000, percentile 0.994880000

The lack of clarity surrounding the nature of the attack, including whether data was accessed or stolen, further underscores the need for enhanced cyber security measures. 

Ivanti’s troubles in 2024

TechRadar elaborates on the broader context of Ivanti’s vulnerabilities, highlighting the company’s tumultuous start to 2024.  

Ivanti’s Endpoint Management Software (EPM) was first flagged for a critical vulnerability allowing remote code execution (RCE), associated with CVE-2023-46805.

Subsequent discoveries of additional flaws exacerbated the situation, with threat actors exploiting these vulnerabilities to deploy various forms of malware and infostealers. 


Urgent call to action

The exploitation of Ivanti vulnerabilities, particularly in critical governmental agencies like CISA, serves as a stark reminder of the pervasive threat posed by cyber security vulnerabilities.  

It is imperative for organizations to heed warnings issued by security agencies and promptly patch any identified vulnerabilities.  

Additionally, comprehensive incident response plans must be in place to mitigate the impact of potential breaches. 


Next steps 

Each new vulnerability is a reminder of where we stand and what we need to do better. The following resources can help you maintain cyber hygiene and stay ahead of threat actors:

  1. 2023 Vulnerability watch reports 
  2. The MITRE ATT&CK framework: Getting started
  3. The true impact of exploitable vulnerabilities for 2024
  4. Multi-cloud security challenges – a best practice guide
  5. How to properly tackle zero-day threats