Ivanti updates address code execution vulnerabilities

Ivanti has released security updates to address multiple significant security vulnerabilities affecting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA). These vulnerabilities could allow attackers to execute arbitrary code on affected systems. The vulnerabilities include a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 that allows a remote authenticated attacker to achieve remote code execution.

Another vulnerability involves code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution. The updated versions that address these vulnerabilities are Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3, and Ivanti CSA 5.0.5. The company notes that it is not aware of any active exploitation of these vulnerabilities. However, due to the increasing targeting of Ivanti appliances by malicious actors, applying the latest patches promptly is strongly recommended.
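The fixed versions above are only useful if an administrator can compare them against what is actually installed, and Ivanti's ICS/IPS version strings (for example 22.7R2.6) do not sort correctly as plain text. The following is an added example, not code from the article or from Ivanti: it parses the "major.minorRrelease.patch" form used by Connect Secure and Policy Secure and the plain "x.y.z" form used by CSA, and flags inventory entries that are below the fixed version named in the advisory. The inventory list is constructed for illustration, and the function deliberately returns None for appliances on a different release train, because a numeric comparison across trains says nothing about whether that train is affected.

```python
import re
from typing import NamedTuple, Optional


class IvantiVersion(NamedTuple):
    """Numeric form of an Ivanti appliance version, ordered by tuple comparison."""
    major: int
    minor: int
    release: int   # the "R" number for ICS/IPS; 0 for CSA-style x.y.z strings
    patch: int


# Matches "22.7R2.6", "22.7R2" (patch omitted) and CSA-style "5.0.5".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:R(\d+))?(?:\.(\d+))?$")


def parse_version(text: str) -> IvantiVersion:
    """Parse an Ivanti version string into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return IvantiVersion(int(major), int(minor), int(release or 0), int(patch or 0))


# Fixed versions as stated in the advisory summarised above.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.6",
    "Ivanti Policy Secure": "22.7R1.3",
    "Ivanti CSA": "5.0.5",
}


def is_vulnerable(product: str, installed: str) -> Optional[bool]:
    """True if the installed version is below the fixed version on the same
    release train, False if it is at or above it, None if the appliance runs a
    different major.minor train (check the vendor advisory for that train)."""
    fixed = parse_version(FIXED_VERSIONS[product])
    inst = parse_version(installed)
    if (inst.major, inst.minor) != (fixed.major, fixed.minor):
        return None
    return inst < fixed


def triage(inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Group hostnames into 'patch', 'ok' and 'review' buckets."""
    result: dict[str, list[str]] = {"patch": [], "ok": [], "review": []}
    for host, product, version in inventory:
        verdict = is_vulnerable(product, version)
        if verdict is None:
            result["review"].append(host)
        elif verdict:
            result["patch"].append(host)
        else:
            result["ok"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-edge-02", "Ivanti Connect Secure", "22.7R2.6"),
    ("nac-core-01", "Ivanti Policy Secure", "22.7R1.2"),
    ("csa-gw-01", "Ivanti CSA", "5.0.4"),
    ("vpn-legacy-01", "Ivanti Connect Secure", "22.6R2.3"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Run it against an export from the appliance inventory or CMDB; anything in the "review" bucket needs a manual check against the vendor advisory rather than being assumed safe.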
JPCERT/CC reported that a now-patched vulnerability in Ivanti Connect Secure was being exploited to deliver an updated version of the SPAWN malware framework, dubbed SPAWNCHIMERA. The malware includes enhancements to inter-process communication via UNIX domain sockets and attempts to secure the exploit against reuse by other attackers.
Ivanti acknowledged the targeting and exploitation of its edge products by sophisticated threat actors. The company is committed to improving its software, adopting secure-by-design principles, and raising defenses against potential abuse by adversaries. Daniel Spicer, Ivanti CSO, stated, “While these products are not the ultimate target, they are increasingly the route that well-resourced nation-state groups are focusing on for espionage campaigns against extremely high-value organizations.”
Ivanti has taken significant steps to enhance its security posture, including improved internal scanning, manual exploitation, and testing capabilities, increasing collaboration and information sharing within the security ecosystem, and becoming a CVE Numbering Authority for better vulnerability disclosure management.
These developments highlight the critical importance of timely patch management and vigilance in cybersecurity practices to mitigate risks from evolving threats. Users of the affected Ivanti products are strongly urged to update to the latest versions to safeguard their systems against potential attacks.