Saturday, June 15, 2024

Ivanti discloses 2 New zero-days, one already under exploitation

Two new zero-day vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure products that are assigned with CVE-2024-21888 and CVE-2024-21893. Additionally, one of the vulnerabilities (CVE-2024-21893) has been reported to be exploited by threat actors in the wild.

However, Ivanti has released a security advisory for patching these vulnerabilities and urges all their customers to patch them accordingly. It is worth noting that Ivanti Connect Secure was reported with a zero-day earlier this month, which was also exploited by threat actors in the wild. 

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

2 New Zero-days

CVE-2024-21888: Privilege Escalation vulnerability

This vulnerability exists due to a web component of Ivanti Connect Secure and Ivanti Policy Secure that allows a threat actor to elevate their privileges to that of an administrator.

The prerequisite for exploiting this vulnerability requires the threat actor to have a user privilege on the vulnerable device.

The severity for this vulnerability was given as 8.8 (High). There has been no evidence of exploitation for this vulnerability.

CVE-2024-21893: Server-Side Request Forgery

This vulnerability exists in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA, which allows a threat actor to access some unrestricted resources without any authentication.

The severity for this vulnerability was given as 8.2 (High). This vulnerability has been reported to be exploited by threat actors in the wild.

In addition to this, both of these vulnerabilities have been added to the CISA’s Known Vulnerability Catalog alongside the previously exploited vulnerabilities CVE-2024-21887 and CVE-2023-46805

Affected Products and Fixed in Version

Affected ProductsVulnerable versionsFixed in versions
Ivanti Connect Secure9.x and 22.xversions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1) and ZTA version 22.6R1.3.
Ivanti Policy Secure9.x and 22.x

It is recommended that users of these products upgrade to the latest versions to prevent these vulnerabilities from being exploited by threat actors.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles