InfoSecBulletin Cybersecurity for mankind
Ivanti issued a security advisory about two important vulnerabilities in its Neurons for IT Service Management (ITSM) platform. Customers using the on-premise version should act quickly. The vulnerabilities (CVE-2024-7569 and CVE-2024-7570) affect Ivanti Neurons for ITSM versions 2023.4 and older, putting them at risk of unauthorized data access and system compromise.
Vulnerabilities and Potential Impacts:
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
Vulnerability CVE-2024-7569 has a high severity score of 9.6. It allows an unauthenticated attacker to access the OIDC client secret through exposed debug information, which could lead to unauthorized access to sensitive information within the ITSM environment.
The vulnerability is a big concern for organizations that use OIDC authentication in their ITSM systems. If the client secret is exposed, the authentication process could be compromised. This means attackers could pretend to be real users or services.
The second vulnerability, CVE-2024-7570, has a CVSS score of 8.3 and stems from the improper validation of certificates in Ivanti Neurons for ITSM. This weakness allows a malicious actor positioned in the Man-in-the-Middle (MITM) to create a harmful token, which grants undesired access to the ITSM system, posing as any user. The repercussions of this vulnerability are extremely grave, as unauthorized access, data manipulation, or even the critical disruption of IT services can occur.
Patch Availability and Urgency for On-Premise Customers:
Ivanti has fixed vulnerabilities in their cloud-based Ivanti Neurons for ITSM as of August 4, protecting cloud customers. On-premise customers using versions 2023.4 and earlier should apply the available patches quickly to reduce the risks from these vulnerabilities.
Impact and Recommendations:
These vulnerabilities affect customers using Ivanti Neurons for ITSM with OIDC authentication. Ivanti hasn’t seen these vulnerabilities being exploited, but it’s important to act quickly due to the critical nature of the issues.
