Ivanti is warning of hackers abusing two newly discovered vulnerabilities to take over vulnerable gateways.
Cybersecurity researchers from Mandiant and Volexity recently discovered two zeroday flaws: CVE202346805 (authentication bypass), and CVE202421887 (command injection vulnerability).
These two flaws allow malicious unauthenticated individuals to run arbitrary commands on vulnerable endpoints via specially crafted requests, especially when chained together.
“If CVE202421887 is used in conjunction with CVE202346805, exploitation does not require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system,” Ivanti said.
At the moment, a patch isn’t available, but is in the works. In the meantime, the company is providing a method of mitigation. “It is critical that you immediately take action to ensure you are fully protected,” the company reiterated. “We are providing mitigation now while the patch is in development to prioritize the best interest of our customers.
According to Ivanti, the patches will be available in the coming weeks, “the first version targeted to be available to customers the week of 22 January and the final version targeted to be available the week of 19 February.” Until then, users are advised to import mitigation.release.20240107.1.xml file, which can be found on the company’s download portal.
The company also said that there is evidence of the two vulnerabilities being used in the wild to attack some customers.
Volexity experts believe the attackers are of Chinese origin and that they are statesponsored.