Ivanti devices hit by wave of exploits for latest security hole

Various miscreants are attempting to exploit the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 that can be used to hijack equipment.

Ivanti on January 31 disclosed and began patching CVE-2024-21893, which is present in the SAML component of of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) appliances. The vendor spotted the flaw as it was investigating and scrambling to patch two other zero-day bugs in those products: an authentication bypass vulnerability (CVE-2023-46805), and a common injection flaw (CVE-2024-21887), both of which are also under attack.

“The SSRF can be chained to CVE-2024-21887 for unauthenticated command injection with root privileges,” Rapid7 principal security researcher Stephen Fewer added on February 2.

When asked about the attacks this month, an Ivanti spokesperson directed The Register to its earlier security alert. As of February 1, the vendor had issued a patch addressing all known vulnerabilities for Ivanti Connect Secure version 22.5R2.2 and Ivanti Policy Secure 22.5R1.1.

Ivanti devices hit by wave of exploits for latest security hole

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Ivanti devices hit by wave of exploits for latest security hole

05-Feb-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address