The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management 2024

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us

The knowledge you need to manage and protect your attack surface.

What's New Blog

Emerging Security Issue: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887

By Emma Zaballos
Product Marketing Manager
January 24, 2024

What are the issues? 

Earlier this month, Ivanti disclosed two new vulnerabilities affecting their popular Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure remote access SSL VPN systems. Identified as CVE-2023-46805 and CVE-2024-21887, these vulnerabilities were assigned base scores of 8.2 (high) and 9.1 (critical) and affect software versions 9.x and 22.x. 

What’s the impact? 

Because CVE-2023-46805 allows attackers to bypass control checks and CVE-2024-21887 gives authenticated administrators the ability to execute arbitrary commands, chaining these vulnerabilities together allows attackers to run unauthenticated commands on the exploited systems. 

Since Ivanti Connect Secure is used to give employees access to sensitive corporate resources from a variety of web-connected devices, these CVEs have a serious impact on companies’ abilities to secure critical data. Their network access control (NAC) solution, Ivanti Policy Secure, also controls access to sensitive information by only providing network access to authorized devices and users and monitoring usage of critical applications. 

Are these issues currently being exploited? 

Unfortunately for users, these issues are actively being exploited in the wild. Volexity and Mandiant have both identified instances of individuals and groups, including nation-state threat actors, taking advantage of CVE-2023-46805 and CVE-2024-21887.  

Can it be patched? 

No patch is available for these issues as of January 17th, 2024. However, Ivanti has announced plans to release patches on a staggered schedule beginning on January 22nd and ending on February 19th, 2024. In the meantime, customers are advised to use a workaround provided by Ivanti. Users can also use Ivanti’s Integrity Checker Tool to identify evidence of compromise. 

How does CyCognito identify assets vulnerable to CVE-2023-46805 and CVE-2024-21887? 

CyCognito actively tests all customer assets for these vulnerabilities. First, the test attempts to append a subdirectory to the base URL attached to a potentially compromised asset. If this new URL is valid, the page is searched for key phrases, text, and a specific status associated with vulnerable versions of Connect Secure and Policy Secure.  

How does this affect CyCognito users? 

CyCognito customers will see a pop-up notification providing a short overview of this vulnerability, Ivanti’s advised action, and a list of vulnerable assets. 

Figure 1: A pop-up notification in the CyCognito dashboard notifying users about CVE-2023-46805 and CVE-2024-21887

This notification provides shortcuts to read the full text of the issues advisory, check for IPs running the vulnerable software, investigate these CVEs within available issue data, and contact CyCognito customer support for assistance. Once patches are available, customers will also be able to identify patchable and already-patched assets. 

Figure 2: Asset details and screenshot for an IP address asset in the CyCognito dashboard attached to an Ivanti Connect Secure device. 

While Volexity identified over 1,700 compromised assets worldwide, CyCognito identified only 30 vulnerable assets under monitoring. Affected customers have already been contacted directly by their customer support team. 

If you’re curious about your attack surface and want to understand your external risks, you may be interested in CyCognito. Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you find, actively test, and prioritize your vulnerable assets, please visit our Contact Us page to schedule a demo.


Recent Posts

Top Tags

CyCognito Research Report

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk.

Dummies Book

External Exposure & Attack Surface Management For Dummies

As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points.

Interactive Demo

Ready to Rule Your Risk?

Request a personalized walkthrough of the CyCognito platform to see how we can help your company identify all its internet-exposed assets, focus on which are most vulnerable to attacks, and accelerate your time to remediating critical risks.