Security News > 2024 > January > Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
2024-01-31 13:38
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows
News URL
https://thehackernews.com/2024/01/alert-ivanti-discloses-2-new-zero-day.html
Related news
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- UK domain registry Nominet confirms breach via Ivanti zero-day (source)
- UK domain registry Nominet breached via Ivanti zero-day (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-21888 | Unspecified vulnerability in Ivanti Connect Secure and Policy Secure A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | 8.8 |