Ivanti Discloses 2 New zero-days, 1 Under Active Exploitation

Two new zero-day vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure products that are assigned with CVE-2024-21888 and CVE-2024-21893. Additionally, one of the vulnerabilities (CVE-2024-21893) has been reported to be exploited by threat actors in the wild.

However, Ivanti has released a security advisory for patching these vulnerabilities and urges all their customers to patch them accordingly. It is worth noting that Ivanti Connect Secure was reported with a zero-day earlier this month, which was also exploited by threat actors in the wild.

Document

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

- Advertisement -

2 New Zero-days

CVE-2024-21888: Privilege Escalation vulnerability

This vulnerability exists due to a web component of Ivanti Connect Secure and Ivanti Policy Secure that allows a threat actor to elevate their privileges to that of an administrator.

The prerequisite for exploiting this vulnerability requires the threat actor to have a user privilege on the vulnerable device.

The severity for this vulnerability was given as 8.8 (High). There has been no evidence of exploitation for this vulnerability.

CVE-2024-21893: Server-Side Request Forgery

This vulnerability exists in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA, which allows a threat actor to access some unrestricted resources without any authentication.

The severity for this vulnerability was given as 8.2 (High). This vulnerability has been reported to be exploited by threat actors in the wild.

In addition to this, both of these vulnerabilities have been added to the CISA’s Known Vulnerability Catalog alongside the previously exploited vulnerabilities CVE-2024-21887 and CVE-2023-46805.

Affected Products and Fixed in Version

Affected Products	Vulnerable versions	Fixed in versions
Ivanti Connect Secure	9.x and 22.x	versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1) and ZTA version 22.6R1.3.
Ivanti Policy Secure	9.x and 22.x

It is recommended that users of these products upgrade to the latest versions to prevent these vulnerabilities from being exploited by threat actors.

Ivanti discloses 2 New zero-days, one already under exploitation

AI-Powered Protection for Business Email Security

2 New Zero-days

CVE-2024-21888: Privilege Escalation vulnerability

CVE-2024-21893: Server-Side Request Forgery

Affected Products and Fixed in Version

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

Meta Removed 2 Million Account Linked to Malicious Activities

Free Webinar

Protect Websites & APIs from Malware Attack

Discussion points

More like this

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2024