Ivanti Neurons for ITSM is vulnerable to a critical flaw tracked as CVE-2023-46808. Successful exploitation may allow an authenticated attacker to write files to sensitive directories on the ITSM server.
Ivanti has mentioned in the advisory that there are no reports of any exploitation attempts of the vulnerability.
Ivanti Neurons for ITSM is a cloud-based IT service management (ITSM) platform that can help businesses become more efficient, secure, and compliant. Ivanti Neurons for ITSM is designed to expand with user’s increasing needs. It is available as a perpetual or subscription-based license per asset and analyst.
Vulnerability Description
Exploitation requires authentication. An authenticated remote user can write files to the ITSM server, including to sensitive directories, which may allow the attacker to execute commands in the web application’s user context.
Affected versions
This vulnerability impacts Ivanti Neurons for ITSM versions 2023.3, 2023.2, and 2023.1.
Mitigation
Ivanti has released a hotfix, which has already been applied to all Ivanti Neurons for ITSM cloud customer landscapes.
For On-Premise Customers: A patch is available on the Ivanti Neurons for ITSM Downloads page for each 2023.X version. Customers on older releases must first upgrade to 2023.X before the patch can be applied.
Please refer to the Knowledge Base Article for more information regarding accessing and applying the remediations.
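The following is an added triage example, not code from Qualys or Ivanti. It walks an asset inventory and classifies each Ivanti Neurons for ITSM instance against the advisory facts above: the affected versions 2023.1, 2023.2 and 2023.3, the hotfix already applied to cloud landscapes, and the per-2023.X patch for on-premise installs. The inventory records, the "hotfix_applied" field and the hostnames are constructed assumptions; a real deployment would feed this from its own CMDB or from the Qualys QID 379527 results.

```python
"""Triage an ITSM inventory for CVE-2023-46808 exposure (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Affected releases per the advisory: 2023.1, 2023.2, 2023.3.
AFFECTED_YEAR = 2023
AFFECTED_MINORS = {1, 2, 3}

# Accepts "2023.2", "2023.3.0", "2023.3.0.1" and similar dotted versions.
VERSION_RE = re.compile(r"^(\d{4})\.(\d+)(?:\.\d+)*$")


@dataclass(frozen=True)
class ItsmInstance:
    hostname: str
    deployment: str        # "cloud" or "on-prem" (assumed inventory field)
    version: str           # vendor version string, e.g. "2023.2"
    hotfix_applied: bool   # assumed local tracking of the Ivanti hotfix


def is_affected_version(version: str) -> bool:
    """Return True when the version is one of the releases the advisory lists."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    year, minor = int(m.group(1)), int(m.group(2))
    return year == AFFECTED_YEAR and minor in AFFECTED_MINORS


def triage(inst: ItsmInstance) -> str:
    """Classify one instance into a remediation state."""
    if inst.deployment == "cloud":
        # Ivanti applied the hotfix to all cloud landscapes; nothing to do locally.
        return "remediated-by-vendor"
    if not is_affected_version(inst.version):
        # Not one of the listed releases; the advisory says nothing about it,
        # so it is flagged for manual review rather than declared safe.
        return "not-listed-review"
    return "patched" if inst.hotfix_applied else "needs-patch"


def triage_inventory(instances: list[ItsmInstance]) -> dict[str, list[str]]:
    """Group hostnames by remediation state; 'needs-patch' is the work queue."""
    buckets: dict[str, list[str]] = defaultdict(list)
    for inst in instances:
        buckets[triage(inst)].append(inst.hostname)
    return {state: sorted(hosts) for state, hosts in buckets.items()}


# Constructed sample inventory; hostnames and fields are made up for the example.
SAMPLE_INVENTORY = [
    ItsmInstance("itsm-cloud-01.example", "cloud", "2023.3", False),
    ItsmInstance("itsm-prod-01.example", "on-prem", "2023.2", False),
    ItsmInstance("itsm-prod-02.example", "on-prem", "2023.3.0.1", True),
    ItsmInstance("itsm-legacy-01.example", "on-prem", "2022.4", False),
]

if __name__ == "__main__":
    for state, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{state:22s} {', '.join(hosts)}")
```

The "not-listed-review" bucket is deliberate: a release outside 2023.1 to 2023.3 is not covered by the advisory text, and since the patch requires being on 2023.X, older on-premise installs should be upgraded and then patched rather than assumed unaffected.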
Qualys Detection
Qualys customers can scan their devices with QID 379527 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM?language=en_US
https://forums.ivanti.com/s/article/CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM?language=en_US