Ivanti Issues Critical Fixes for ITSM Vulnerabilities (CVE-2024-7569 and CVE-2024-7570)
Ivanti has released a security advisory addressing two significant vulnerabilities in its Neurons for IT Service Management (ITSM) platform, urging on-premise customers to take immediate action. The vulnerabilities, identified as CVE-2024-7569 and CVE-2024-7570, affect Ivanti Neurons for ITSM versions 2023.4 and earlier, with potential risks ranging from unauthorized information disclosure to full system compromise.
Vulnerabilities and Potential Impacts
The first and most severe of the two, CVE-2024-7569, carries a CVSS score of 9.6, which places it in the Critical range. It allows an unauthenticated attacker to read the OIDC client secret from debug information that the application exposes. The client secret is the credential the ITSM application itself presents to the identity provider at the token endpoint, so an attacker who obtains it holds a trusted credential that can be used as a foothold for further attacks on the ITSM environment.
This vulnerability is particularly concerning for organizations that rely on OIDC (OpenID Connect) authentication for their ITSM systems. Exposure of the client secret undermines the trust between ITSM and the identity provider: an attacker can impersonate the ITSM application towards the identity provider and, in combination with other weaknesses in the login flow, obtain tokens for legitimate users or services.
The second vulnerability, CVE-2024-7570, with a CVSS score of 8.3, arises from improper certificate validation in Ivanti Neurons for ITSM. Because the affected component does not properly validate the certificate of the TLS peer it talks to, a remote attacker in a Man-in-the-Middle (MITM) position can interpose on that connection and present a crafted token that ITSM accepts, granting the attacker access to the ITSM system as any user. The consequences are severe: unauthorized access, manipulation of ITSM data, or disruption of the IT services the platform manages.
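To make the "improper certificate validation" pattern concrete, the following Python example contrasts a TLS client configuration that accepts any peer with one that validates the chain and hostname, and adds an audit helper that refuses to fetch identity-provider metadata over a context that would let a MITM stand in for the provider. This is an added illustration, not Ivanti's code; the Ivanti advisory does not describe which component or peer is affected, so the idea that ITSM fetches a discovery or JWKS document from its OIDC provider over a back-channel, and the example URLs, are assumptions.

```python
"""Weak vs. hardened TLS peer validation for an OIDC back-channel.

Added example, not Ivanti code. Assumption: the relying party fetches
identity-provider metadata (discovery document or JWKS) over HTTPS, so a
client that skips certificate validation lets a MITM impersonate the provider.
"""
import json
import ssl
import urllib.request
from typing import List, Optional


def weak_idp_context() -> ssl.SSLContext:
    """The shape of the bug: no hostname check and no chain validation, so
    any TLS peer on the network path is accepted as the identity provider."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # certificate no longer bound to the IdP name
    ctx.verify_mode = ssl.CERT_NONE   # chain is not validated at all
    return ctx


def hardened_idp_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Chain validation against the system trust store (or a pinned CA bundle
    via cafile) plus hostname verification and a TLS 1.2 floor."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for a context; an empty list means peers are validated."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: certificate chain not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate not bound to peer hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


def fetch_idp_document(url: str, ctx: ssl.SSLContext, timeout: float = 5.0) -> dict:
    """Fetch a JSON metadata document from the identity provider.

    The fix for the pattern is to refuse any context that fails the audit and
    any non-HTTPS URL before a single byte goes on the wire.
    """
    problems = audit_tls_context(ctx)
    if problems:
        raise ValueError("refusing to fetch IdP metadata: " + "; ".join(problems))
    if not url.startswith("https://"):
        raise ValueError("IdP metadata must be fetched over https")
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Hypothetical provider URL; the audit runs without any network access.
    discovery = "https://idp.example.test/.well-known/openid-configuration"
    for name, ctx in (("weak", weak_idp_context()), ("hardened", hardened_idp_context())):
        print(name, "->", audit_tls_context(ctx) or "ok")
    try:
        fetch_idp_document(discovery, weak_idp_context())
    except ValueError as err:
        print("blocked:", err)
```

Running the module prints the two audit results and shows the weak context being refused before any request is made. In a real deployment the `cafile` argument is where a pinned CA bundle for the identity provider belongs; the generic trust store is the minimum, not the goal.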
Patch Availability and Urgency for On-Premise Customers
Ivanti has already applied patches to all cloud-hosted Ivanti Neurons for ITSM environments as of August 4, 2024, so cloud customers are protected without further action. On-premise customers must act themselves: Ivanti strongly recommends that all on-premise customers running versions 2023.4 and earlier apply the available patches immediately.
Impact and Recommendations
These vulnerabilities specifically affect customers who run Ivanti Neurons for ITSM with OIDC authentication. Ivanti has not observed exploitation of either issue in the wild, but with patches available and a Critical-rated credential disclosure in play, prompt patching is warranted. Because CVE-2024-7569 discloses a credential, patching alone does not revoke a client secret that may already have been read; rotating the OIDC client secret at the identity provider after patching is the prudent complement.