In a recent security disclosure, Ivanti has raised an alarm regarding two newly discovered high-severity vulnerabilities in its Connect Secure and Policy Secure products, one of which is already under targeted exploitation in the wild. The identified flaws are CVE-2024-21888, a privilege escalation vulnerability that allows users to elevate privileges to administrator level, and CVE-2024-21893, a server-side request forgery vulnerability that enables unauthorized access to restricted resources.
While there is currently no evidence of customer impact from CVE-2024-21888, Ivanti acknowledges targeted exploitation of CVE-2024-21893 and anticipates that exploitation will escalate after public disclosure. Ivanti has responded with patches for various versions and recommends that customers factory reset their appliances before applying the fix. Concurrently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory highlighting the exploitation of these vulnerabilities to capture credentials and deploy web shells, and the subversion of existing mitigation methods by sophisticated threat actors. This further compounds the urgency for organizations to address these vulnerabilities promptly.
Articles
Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation https://thehackernews.com/2024/01/alert-ivanti-discloses-2-new-zero-day.html
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html