Skip to content

Updated Mitigations to Defend Against Exploitation of Ivanti services - 20240131002

Overview

CISA has released new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices CVE-2023-46805 and CVE-2024-21887.

What is vulnerable?

Product(s) Affected Summary Severity CVSS
ICS 9.1R18 High 8.2
ICS 22.6R2 High 8.2
IPS 9.1R18 High 8.2
IPS 22.6R2 High 8.2

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

Additional References