A vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution. Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access to corporate data and applications for remote and mobile users, offering features like single sign-on, multi-factor authentication, and integration with various security frameworks. Ivanti Policy Secure (IPS) is a Network Access Control (NAC) solution that provides network access only to authorized and secured users and devices, offering comprehensive NAC management, visibility, and monitoring to protect networks and sensitive data. Ivanti Neurons for Zero Trust Access (ZTA) Gateway is a component of Ivanti’s zero-trust network access solution. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, a threat actor could then install programs and view, change, or delete data.
Threat Intelligence

Ivanti is aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support (EOS) Pulse Connect Secure 9.1x appliances have been exploited at the time of disclosure.
Systems Affected
– Pulse Connect Secure 9.1R18.9 and prior (EOS)
– Ivanti Connect Secure 22.7R2.5 and prior
– Ivanti Policy Secure 22.7R1.3 and prior
– ZTA Gateways 22.8R2 and prior
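As an added example (not part of this advisory or of any Ivanti tooling), the following Python check parses version strings in the form the advisory uses (major.minorRrelease[.patch]) and flags inventory entries that fall within the listed "and prior" ranges. The product names as dictionary keys, the version shape, and the sample inventory are assumptions; the advisory gives only the affected ceilings, so a version above a ceiling is reported as "not listed", not as fixed.

```python
import re

# Highest affected version for each product as listed in the advisory ("and prior").
# Whether any later version is actually fixed has to come from Ivanti, not from this table.
AFFECTED_THROUGH = {
    "Pulse Connect Secure": "9.1R18.9",
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.3",
    "ZTA Gateways": "22.8R2",
}

# Assumed version shape: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.5 or 22.8R2.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text: str) -> tuple:
    """Turn an Ivanti-style version string into a comparable tuple.

    A missing patch component (22.8R2) counts as patch 0, so it sorts before
    22.8R2.1. Unrecognised strings raise instead of being guessed at, because a
    mis-parsed version would silently hide an affected appliance.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))

def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` is within the advisory's affected range."""
    if product not in AFFECTED_THROUGH:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    return parse_version(version) <= parse_version(AFFECTED_THROUGH[product])

def triage(inventory):
    """Return the (hostname, product, version) entries that fall in the affected range."""
    return [entry for entry in inventory if is_affected(entry[1], entry[2])]

if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up for illustration.
    inventory = [
        ("vpn-1.example", "Ivanti Connect Secure", "22.7R2.5"),
        ("vpn-2.example", "Ivanti Connect Secure", "22.7R2.6"),
        ("nac-1.example", "Ivanti Policy Secure", "22.7R1.3"),
        ("zta-1.example", "ZTA Gateways", "22.8R2"),
        ("legacy.example", "Pulse Connect Secure", "9.1R18.9"),
    ]
    for host, product, version in triage(inventory):
        print(f"{host}: {product} {version} is within the affected range")
```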
Risk

Government:
– Large and medium government entities: High
– Small government entities: Medium

Businesses:
– Large and medium business entities: High
– Small business entities: Medium

Home Users: Low
Recommendations
– Apply appropriate updates provided by Ivanti to vulnerable systems immediately after appropriate testing.
– Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
– Use vulnerability scanning to find potentially exploitable software vulnerabilities and remediate them.
– Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information.
– Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.
– Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.
– Use capabilities to detect and block conditions that may lead to, or be indicative of, a software exploit occurring.