Ivanti Connect Secure zero-days now under mass exploitation (Security News, January 2024)
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation.
While Ivanti has yet to release patches for these two actively exploited zero-days, admins are advised to apply the mitigation measures provided by the vendor on all ICS VPNs on their network.
As Ivanti disclosed last week, attackers who successfully chain the two zero-days can run arbitrary commands on all supported versions of ICS VPN and IPS appliances.
Thinspool Dropper: custom shell script dropper that writes the Lightwire web shell onto Ivanti CS, securing persistence.
Ivanti warns of Connect Secure zero-days exploited in attacks.
Ivanti Connect Secure zero-days exploited to deploy custom malware.
Related news
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
- Ivanti warns of three more CSA zero-days exploited in attacks
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)