Ivanti has released an early access version of Ivanti Workspace Control (IWC) 2024.3 to address several critical vulnerabilities that could allow attackers to escalate privileges and move laterally within networks. These vulnerabilities were discovered in IWC versions 10.18.0.0 and below and include authentication bypass flaws, DLL hijacking, and issues with the transmission of sensitive data in cleartext. The vulnerabilities were found in the management console of IWC, and successful exploitation requires local authenticated access, with privileges escalated to potentially system-level access. The early access release, Ivanti Workspace Control 2024.3 (10.18.99.0), includes a new product architecture designed to address these security flaws.
The vulnerabilities in Ivanti Workspace Control include CVE-2024-8012, CVE-2024-44105, CVE-2024-44104, CVE-2024-44107, CVE-2024-44103, and CVE-2024-44106. These issues were rated high severity, with CVSS scores ranging from 7.8 to 8.8, and could enable an attacker to escalate privileges or execute arbitrary code. Among the issues, CVE-2024-44105 describes a cleartext transmission of sensitive information in the management console, which could allow attackers to obtain OS credentials, while CVE-2024-44104 and CVE-2024-44107 involve DLL hijacking vulnerabilities that could lead to privilege escalation and arbitrary code execution. Ivanti has emphasized that these vulnerabilities must be addressed to prevent potential exploitation.
Ivanti has confirmed that at the time of the release, no customers had been reported as affected by these vulnerabilities. However, the company has advised customers to upgrade to the new architecture as soon as possible to mitigate the risks. The early access release allows users to familiarize themselves with the changes before the General Availability (GA) version becomes available, which is expected in October 2024. Ivanti has also highlighted that the end-of-life status of Ivanti Workspace Control, set for December 31, 2026, means that customers who do not wish to adopt the new architecture can migrate to Ivanti User Workspace Manager as an alternative solution.
A known issue with the early access release is that the Secondary Datastore (also known as Split/Join Datastore) feature is currently unsupported. This feature will be restored in the GA release of Ivanti Workspace Control 2024.3. Ivanti has provided clear instructions on how customers can migrate to the new IWC architecture, and the company has also reminded users to trust the TLS certificate used by the ShieldAPI during installation. These updates and instructions are designed to help users secure their environments and ensure continued protection against the vulnerabilities identified in IWC.
Reference:
