Updated Mitigations to Defend Against Exploitation of Ivanti services - 20240131002¶
Overview¶
CISA has released new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices CVE-2023-46805 and CVE-2024-21887.
What is vulnerable?¶
Product(s) Affected | Summary | Severity | CVSS |
---|---|---|---|
ICS 9.1R18 | High | 8.2 | |
ICS 22.6R2 | High | 8.2 | |
IPS 9.1R18 | High | 8.2 | |
IPS 22.6R2 | High | 8.2 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):