InfoSecBulletin Cybersecurity for mankind
Ivanti issued a security advisory about two important vulnerabilities in its Neurons for IT Service Management (ITSM) platform. Customers using the on-premise version should act quickly. The vulnerabilities (CVE-2024-7569 and CVE-2024-7570) affect Ivanti Neurons for ITSM versions 2023.4 and older, putting them at risk of unauthorized data access and system compromise.
Vulnerabilities and Potential Impacts:
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Vulnerability CVE-2024-7569 has a high severity score of 9.6. It allows an unauthenticated attacker to access the OIDC client secret through exposed debug information, which could lead to unauthorized access to sensitive information within the ITSM environment.
The vulnerability is a big concern for organizations that use OIDC authentication in their ITSM systems. If the client secret is exposed, the authentication process could be compromised. This means attackers could pretend to be real users or services.
The second vulnerability, CVE-2024-7570, has a CVSS score of 8.3 and stems from the improper validation of certificates in Ivanti Neurons for ITSM. This weakness allows a malicious actor positioned in the Man-in-the-Middle (MITM) to create a harmful token, which grants undesired access to the ITSM system, posing as any user. The repercussions of this vulnerability are extremely grave, as unauthorized access, data manipulation, or even the critical disruption of IT services can occur.
Patch Availability and Urgency for On-Premise Customers:
Ivanti has fixed vulnerabilities in their cloud-based Ivanti Neurons for ITSM as of August 4, protecting cloud customers. On-premise customers using versions 2023.4 and earlier should apply the available patches quickly to reduce the risks from these vulnerabilities.
Impact and Recommendations:
These vulnerabilities affect customers using Ivanti Neurons for ITSM with OIDC authentication. Ivanti hasn’t seen these vulnerabilities being exploited, but it’s important to act quickly due to the critical nature of the issues.
