Uncovered Additional Vulnerabilities in Ivanti Connect Secure, Accoring to Researchers' Findings
In a recent report, Shadowserver has indicated ongoing exploitation of previously discovered vulnerabilities in Ivanti's products, specifically Ivanti Connect Secure and Ivanti Policy Secure. The report, released on Monday, suggests that the exploitation of the newly discovered vulnerability, CVE-2024-22024, is beginning.
This new vulnerability was actually discovered by the Singapore-based firm watchTowr. However, Ivanti initially claimed that they had internally discovered the vulnerability, but later backtracked on this claim. watchTowr contacted Ivanti through their responsible disclosure program regarding CVE-2024-22024, but Ivanti failed to properly credit watchTowr for their efforts.
Researchers at watchTowr have stated that the process of accelerated mitigations can lead to the creation of new flaws. This is because rapid patch deployment can reduce the time for thorough testing, potentially leading to incomplete fixes or new bugs. Such issues could provide attackers with new entry points, as demonstrated by the latest vulnerability.
The exploitation of these vulnerabilities occurred almost two weeks after Ivanti released initial security patches for multiple vulnerabilities. Threat activity continues on previously discovered vulnerabilities, according to Shadowserver's report.
Benjamin Harris, founder and CEO at watchTowr, said in an interview that they have repeatedly seen new vulnerabilities being introduced when patches are rushed. He emphasised the importance of balancing quick vulnerability mitigation with robust development and testing processes to maintain secure and stable software.
The new vulnerability, CVE-2024-22024, is an XML external entity (XXE) vulnerability in the security assertion markup language component of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateways. An attacker can gain access to restricted resources without the need to authenticate due to this vulnerability.
The potential consequences of accelerated patching on vulnerability creation are significant. Rapid patch deployment can lead to insufficient testing, regression issues, overlooked security flaws, increased attack surface, and resource strain. These factors underscore the importance of thorough testing and proper acknowledgment of the work of researchers in the process of patching vulnerabilities.
In conclusion, the ongoing exploitation of Ivanti's vulnerabilities serves as a reminder of the importance of a balanced approach to patching, ensuring both quick mitigation and robust development and testing processes. Proper credit to security researchers, such as watchTowr, is also crucial in fostering a collaborative and secure digital environment.
- The cybersecurity industry is currently grappling with the exploitation of a new vulnerability, CVE-2024-22024, in Ivanti's products, such as Ivanti Connect Secure and Ivanti Policy Secure, which was discovered by the Singapore-based firm watchTowr.
- The report by Shadowserver highlights that the crime-and-justice sector must remain vigilant, as threat activity is ongoing on previously discovered vulnerabilities in data-and-cloud-computing platforms like Ivanti's.
- The general-news media should shed light on the importance of cybersecurity, as watchTowr's findings underscore the need for a balanced approach to patching, emphasizing thorough testing and proper acknowledgement of security researchers' efforts, like their own, for maintaining secure and stable technology.
