Ivanti Critical Vulnerabilities v1.0.2

This pack handles CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893 - Ivanti critical vulnerabilities

Author:
Cortex XSOAR
Support:
xsoar
URL:
https://www.paloaltonetworks.com/cortex
agentixxsiam
Case Management

README

Ivanti Critical Vulnerabilities

Ivanti has recently disclosed four critical vulnerabilities in their VPN devices, identified as CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893, with active exploitation reported. These security flaws impact all supported versions of Ivanti Connect Secure and Ivanti Policy Secure gateways, including versions 9.x and 22.x, and Ivanti Neurons for ZTA.

This pack will provide you with a first response kit which includes:

  • Threat Hunting
  • IoC Collection and Remediation
  • Mitigation Measures

References:

Unit42 Threat Brief: Multiple Ivanti Vulnerabilities

CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways