Cyber999 Advisories

1.0 Introduction
Recently, Ivanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti Desktop and Server Management (DSM), Ivanti Connect Secure and Police Secure, Ivanti Sentry, and Ivanti Patch SDK.

2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

• Ivanti Cloud Service Application
• Ivanti Desktop and Server Management (DSM)
• Ivanti Connect Secure and Policy Secure
• Ivanti Sentry
• Ivanti Patch SDK (This also affects Ivanti Endpoint Manager (EPM), Ivanti Security Controls, Ivanti Neurons Agent, Ivanti Neurons for Patch Management, and Ivanti Patch for Configuration Manager.)

4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review  Ivanti Security Release  for more information and apply the necessary updates.

Kindly refer to the following URLs for more information:

• Ivanti Cloud Service Application:  https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?_gl=1*1um9u3h*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• Ivanti Desktop and Server Management (DSM):  https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Desktop-and-Server-Management-DSM-CVE-2024-7572?_gl=1*1um9u3h*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• Ivanti Connect Secure and Policy Secure:  https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?_gl=1*1um9u3h*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• Ivanti Sentry:  https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?_gl=1*yua64f*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• Ivanti Patch SDK: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256?_gl=1*yua64f*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5

Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web:  https://www.mycert.org.my  

5.0 References

• https://www.ivanti.com/blog/topics/security-advisory
• https://www.cisa.gov/news-events/alerts/2024/12/10/ivanti-releases-security-updates-multiple-products
• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256?_gl=1*yua64f*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?_gl=1*yua64f*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?_gl=1*1um9u3h*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Desktop-and-Server-Management-DSM-CVE-2024-7572?_gl=1*1um9u3h*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5
• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?_gl=1*1um9u3h*_gcl_au*MTU2NDA3ODU5NC4xNzM0MDYyMTI5