API security

Immediate patching of critical Ivanti vulnerabilities urged

The vast majority of cyber intrusions exploit well-known vulnerabilities that are easy to identify and correct, Scott noted. Agencies must take immediate action on DHS Vulnerability Scan Reports they receive each week, reporting back on progress and challenges within 30 days.

Ivanti has urged organizations to immediately remediate critical vulnerabilities impacting its Standalone Sentry appliance and Neurons for ITSM IT service management solution with available patches, according to BleepingComputer.

All supported Standalone Sentry versions are affected by the flaw, tracked as CVE-2023-41724 and identified by NATO Cyber Security Centre researchers, which could be leveraged to facilitate arbitrary command execution, said Ivanti. While command execution attacks are also possible with the exploitation of the Neurons for ITSM bug, tracked as CVE-2023-46808, Ivanti emphasized that there has been no in-the-wild abuse of both security issues. Such an advisory from Ivanti comes amid persistent attacks targeting Ivanti vulnerabilities, with several Connect Secure VPN zero-days leveraged in Chinese cyberattacks since January. Such flaws, which continued to affect more than 13,000 Ivanti Connect Secure and Policy Secure instances last month, have prompted the Cybersecurity and Infrastructure Security Agency to order the immediate deactivation of all vulnerable instances.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.