Outdated Linux and Libraries in Ivanti Pulse Secure Appliances
A recent analysis of Ivanti Pulse Secure appliances found that the software runs on an outdated Linux base with equally outdated libraries, raising concerns about the security of the software supply chain behind these devices.
Aging Infrastructure
Eclypsium's investigation found that the base operating system of the appliance is CentOS 6.4; the CentOS 6 line reached end of life in November 2020. The Linux kernel is version 2.6.32, whose long-term support ended in March 2016.
The user-space packages shipped with Ivanti Connect Secure are just as old. Perl, for example, is at version 5.6.1, released on April 9, 2001, roughly 23 years before the analysis. Components this old no longer receive security fixes, so any vulnerability found in them since stays unpatched on the device, and an attacker who gains a foothold can rely on well-documented bugs rather than having to find new ones.
Exploitable Weaknesses
Recent incidents have shown threat actors exploiting several vulnerabilities in Ivanti's Connect Secure, Policy Secure, and ZTA gateway products. CVE-2023-46805 (an authentication bypass), CVE-2024-21887 (a command injection) and CVE-2024-21893 (a server-side request forgery in the SAML component) have all been exploited in the wild. Ivanti subsequently disclosed another critical bug, CVE-2024-22024, an XML external entity (XXE) flaw in the SAML component that allows access to certain restricted resources without authentication.
Escalation of Scanning Activities
Akamai, a prominent web infrastructure company, observed a surge in scanning for CVE-2024-22024 after a proof-of-concept was published on February 9, 2024. Scanning at this scale typically precedes exploitation attempts, so organizations running affected appliances should apply Ivanti's patches or mitigations without delay.
Unveiling Security Gaps
Using a proof-of-concept exploit for CVE-2024-21893, Eclypsium obtained a reverse shell on a PSA3000 appliance, which gave them the vantage point needed to enumerate the installed packages and confirm how many outdated and vulnerable libraries the device carries. They also found that Ivanti's Integrity Checker Tool (ICT), the tool the vendor recommends for detecting signs of compromise, excludes a number of directories from its scan. Anything written into an excluded directory is invisible to the check, so an attacker with a shell can place persistence there and the appliance will still pass the integrity check.
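To make that blind spot concrete, the following is a minimal baseline-hash integrity checker written for this page; it is an added example, not Ivanti's ICT or Eclypsium's code. The directory tree, the excluded directory name ("data") and the planted implant are all constructed for illustration. It builds a SHA-256 baseline of a tree twice, once with a directory excluded (as the flawed scan does) and once covering everything, plants a file in the excluded directory, and shows that only the full scan reports it.

```python
"""
Baseline-hash integrity checker demonstrating why excluding directories
from the scan leaves room for persistence.  Added example for this page,
not Ivanti's Integrity Checker Tool; paths and contents are constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file's contents, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, excluded=()):
    """Return {relative_path: sha256} for every regular file under root.

    Any top-level directory whose name is in `excluded` is skipped entirely,
    mirroring a scanner that carries an exclusion list.  An empty `excluded`
    gives full coverage.
    """
    root = Path(root)
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        if rel_dir == Path("."):
            # Prune in place so os.walk never descends into excluded dirs.
            dirnames[:] = [d for d in dirnames if d not in excluded]
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink():
                # A real checker would record the link target; skipped here.
                continue
            baseline[str(p.relative_to(root))] = hash_file(p)
    return baseline


def compare(baseline, current):
    """Diff two baselines: (added, removed, modified) relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return added, removed, modified


def demo():
    """Plant an implant in an excluded directory; return (flawed, full) diffs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed appliance-like layout (not the real filesystem).
        (root / "home" / "bin").mkdir(parents=True)
        (root / "data" / "var").mkdir(parents=True)
        (root / "home" / "bin" / "web").write_bytes(b"legit web binary v1\n")
        (root / "data" / "var" / "runtime.conf").write_bytes(b"clean config\n")

        excluded = ("data",)  # hypothetical exclusion list of the flawed scan
        flawed_base = build_baseline(root, excluded)
        full_base = build_baseline(root)

        # Attacker with a shell drops persistence inside the excluded tree.
        (root / "data" / "var" / "persist.sh").write_bytes(b"#!/bin/sh\n# implant\n")

        flawed_result = compare(flawed_base, build_baseline(root, excluded))
        full_result = compare(full_base, build_baseline(root))
        return flawed_result, full_result


if __name__ == "__main__":
    flawed, full = demo()
    print("scan with exclusions :", flawed)   # ([], [], []) - implant missed
    print("scan of full tree    :", full)     # (['data/var/persist.sh'], [], [])
```

The lesson for reviewing any integrity tool, vendor-supplied or not, is to ask for its exclusion list and treat every excluded path as a place an attacker can write to freely; if the tool cannot be configured to cover those paths, hash them separately with something like find and sha256sum from a trusted boot medium.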
Emphasizing Transparency and Vigilance
The lack of transparency in digital supply chains makes it hard for customers and third parties to verify what a product actually ships with and whether it is still supported. Without a software bill of materials or equivalent disclosure from the vendor, outdated components like those found here go unnoticed until an attacker exploits them, which underscores the need for better controls and visibility.