Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
12-Feb-24
The recently disclosed server-side request forgery (SSRF) vulnerability (CVE-2024-21893) in Ivanti VPN products is undergoing mass exploitation, with over 170 unique IP addresses attempting to exploit the flaw. The attacks involve establishing a reverse shell, and despite initial mitigations by Ivanti, threat actors have found ways to bypass them, leading to the release of additional mitigations and official patches as of February 1, 2024. The exploitation has prompted a joint advisory from the European Union, CERT-EU, ENISA, and Europol, urging organizations to follow vendor guidance for risk mitigation.
