Security News > 2024 > January > Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
2024-01-31 07:23

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused


News URL

https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2024-21887 Command Injection vulnerability in Ivanti Connect Secure and Policy Secure
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
network
low complexity
ivanti CWE-77
critical
 9.1
9.1
2024-01-12 CVE-2023-46805 Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
network
low complexity
ivanti CWE-287
8.2
8.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 0 51 152 75 278