Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities

Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products - CVE-2023-46805 and CVE-2024-21887- that are already being actively exploited by threat actors.
The vulnerabilities were found in Ivanti Connect Secure and Ivanti Policy Secure gateways, and the vulnerabilities affect all supported versions.
Volexity assisted in identifying and reporting the issues in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways.
CVE-2023-46805 is an authentication bypass vulnerability that allows threat actors to access restricted materials remotely and has a CVSS rating of 8.2.
CVE-2024-21887, with a CVSS rating of 9.1, is a command injection vulnerability that allows authenticated admins to send unique requests as well as execute arbitrary commands.
Ivanti researchers reported that mitigation is available and patches will be released in waves in a staggered approach - a patch for the authentication bypass vulnerability will be available Jan. 22; a patch for the command injection vulnerability is slated for Feb. 19.
Mitigation is available from the vendor while the patches are being developed, but Ivanti researchers stress it's essential that customers take immediate action.
For assistance or help with questions, Ivanti is directing customers to its Success Portal to request a call or log a case.
Instructions on how to apply the mitigation are available on the website.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 11 Jan 2024 21:50:04 +0000

Cyber News related to Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
5 months ago Techtarget.com

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
5 months ago Unit42.paloaltonetworks.com

Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
5 months ago Techtarget.com

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
5 months ago Darkreading.com

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 month ago Securityaffairs.com

Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
5 months ago Bleepingcomputer.com

Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
4 months ago Go.theregister.com

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
3 months ago Techtarget.com

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
5 months ago Bleepingcomputer.com

China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
5 months ago Go.theregister.com

Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
7 months ago Bleepingcomputer.com

10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
5 months ago Techtarget.com

Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
5 months ago Techrepublic.com

Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware - Hackers exploit unpatched Ivanti vulnerabilities to deploy malware on Linux systems. Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against these attacks. Cybersecurity ...
3 months ago Hackread.com

Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
5 months ago Bleepingcomputer.com

Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
4 months ago Cysecurity.news

Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
7 months ago Bleepingcomputer.com

Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities - Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products - CVE-2023-46805 and CVE-2024-21887- that are already being actively exploited by threat actors. The vulnerabilities were found in Ivanti Connect Secure and ...
5 months ago Darkreading.com

Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 month ago Bleepingcomputer.com

Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
4 months ago Bleepingcomputer.com

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
5 months ago Securityweek.com

Two Ivanti Zero-Days Actively Exploited in the Wild - Ivanti customers have been urged to follow the security vendor's suggested workaround after it confirmed that two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways are being actively exploited. Connect Secure is a VPN product ...
5 months ago Infosecurity-magazine.com

Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
7 months ago Bleepingcomputer.com

Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
7 months ago Bleepingcomputer.com

Ivanti zero-day flaws under 'widespread' exploitation - Two critical Ivanti vulnerabilities that remain unpatched are being widely exploited just five days following public disclosure. In a security advisory Wednesday, Ivanti urged users and administrators to mitigate two zero-day vulnerabilities that ...
5 months ago Techtarget.com

Latest Cyber News

Infosec products of the month: June 2024 - 15 minutes ago
CVE-2024-38525 - 2 hours ago
CVE-2024-6418 - 4 hours ago
CVE-2024-6417 - 4 hours ago
CVE-2023-48733 - 4 hours ago
Cybersecurity Today: Cyber Security Today, Week in Review for week ending Friday, June 28, 2024 - 4 hours ago
CVE-2024-6416 - 5 hours ago
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO - 5 hours ago
Google Chrome to let Isolated Web App access sensitive USB devices - 6 hours ago
CVE-2024-34703 - 6 hours ago
CVE-2024-28794 - 8 hours ago
CVE-2023-50964 - 8 hours ago
The dangers of voice fraud: We can't detect what we can't see - 8 hours ago
CVE-2024-28797 - 9 hours ago
CVE-2023-50952 - 9 hours ago
CVE-2024-31898 - 9 hours ago
CVE-2023-50953 - 9 hours ago
Russia's Midnight Blizzard stole email of more Microsoft customers - 9 hours ago
CVE-2024-31902 - 10 hours ago
CVE-2024-28798 - 10 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 6 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

Infosec products of the month: June 2024 - 15 minutes ago
CVE-2024-6416 - 5 hours ago
CVE-2024-6418 - 4 hours ago
CVE-2024-6417 - 4 hours ago
CVE-2024-34703 - 6 hours ago
Cybersecurity Today: Cyber Security Today, Week in Review for week ending Friday, June 28, 2024 - 4 hours ago
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO - 5 hours ago
CVE-2024-28797 - 9 hours ago
CVE-2023-50952 - 9 hours ago
CVE-2024-31898 - 9 hours ago
CVE-2023-50953 - 9 hours ago
CVE-2024-28794 - 8 hours ago
CVE-2023-50964 - 8 hours ago
Google Chrome to let Isolated Web App access sensitive USB devices - 6 hours ago
CVE-2024-5062 - 11 hours ago
CVE-2024-28795 - 11 hours ago
CVE-2023-35022 - 11 hours ago
CVE-2024-31902 - 10 hours ago
CVE-2024-28798 - 10 hours ago
CVE-2024-35119 - 10 hours ago