European security agencies publish joint statement on Ivanti Connect Secure, Policy Secure vulnerabilities

Following the January emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), European cybersecurity counterparts released a joint statement on Tuesday on Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities. The agencies provide assessment and advice on recovery and mitigating actions and recommend that all organizations regularly check the guidance provided by the CSIRTs Network members and CERT-EU for the latest assessment and advice.

The European Commission, ENISA (the EU Agency for Cybersecurity), CERT-EU, Europol, and the network of the EU national computer security incident response teams (CSIRTs network) have been closely following the active exploitation of vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure Gateway products, commercial virtual private network (VPN) solutions previously known as Pulse Connect Secure.

“Following the initial disclosure of two vulnerabilities at the beginning of January, two additional vulnerabilities were disclosed on 31 January 2024, which impact all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateway products and make it possible for attackers to run commands on the system,” according to the joint statement. “Broader exploitation of the initially disclosed vulnerabilities had been observed already as early as mid-January.”

Organizations should be further aware that the EU Cyber Resilience Act (CRA), once in force, will require manufacturers of hardware and software products, including VPN solutions, to follow security-by-design principles throughout the lifecycle of such products. This includes the remediation of vulnerabilities without delay. Given their criticality, VPN solutions will be subject to strict conformity assessment requirements.

The joint advisory added that ENISA and all relevant EU actors will continue to monitor this threat to contribute to the overall situational awareness at the Union level. It also recognized that organizations must respond appropriately to the latest developments to resume their critical business activities.

Last week, the U.K.’s National Cyber Security Center (NCSC) released an advisory regarding vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. It is recommended that organizations promptly address these Ivanti vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893) and adhere to the latest guidance from the vendor.

The NCSC recommends running the Ivanti external Integrity Checker Tool (ICT), which offers a snapshot of the current state of the appliance but cannot necessarily detect threat actor activity if the actor has returned the appliance to a clean state. The ICT does not scan for malware or IoCs.

Organizations must also check for compromise using the published detection steps and indicators of compromise (IoCs). If an update for the organization’s version is not currently available, install the vendor's temporary workaround, monitor the Ivanti KB article, and install the security update once it is available for the relevant version.

The vendor recommends performing a factory reset before installing the update. Lastly, the agency recommends performing continuous monitoring and threat-hunting activities.
