PT-2023-8231 · Ivanti · Ivanti Policy Secure +1

Published: 2023-01-24 · Updated: 2025-08-28 · CVE-2024-21887

CVSS v3.1: 9.1
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Ivanti Connect Secure versions 9.0 through 9.1, 22.1 through 22.3

Ivanti Policy Secure versions 9.0 through 9.1, 22.1 through 22.3

Description:

A command injection vulnerability in the web components of Ivanti Connect Secure and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. This issue is being actively exploited in the wild, with threat actors targeting Ivanti edge devices. According to detection methods, there are approximately 8.7K vulnerable IPs out of 29K exposed. The Earth Estries APT group is also exploiting this vulnerability to target critical sectors and industries worldwide.

Recommendations:

For Ivanti Connect Secure versions 9.0 through 9.1, 22.1 through 22.3: Apply the workaround provided by Ivanti to mitigate the risk of exploitation.

For Ivanti Policy Secure versions 9.0 through 9.1, 22.1 through 22.3: Apply the workaround provided by Ivanti to mitigate the risk of exploitation.

As a temporary workaround, consider disabling access to the vulnerable web components until a patch is available.

Restrict access to the affected appliances to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-00249
CVE-2024-21887

Affected Products

Ivanti Connect Secure
Ivanti Policy Secure