
Ivanti devices hit by wave of exploits for latest security hole
2024-02-05 20:45

Ivanti first disclosed the newest bug, in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure appliances, on January 31.

"At the time of publication, the exploitation of CVE-2024-21893 appears to be targeted. Ivanti expects the threat actor to change their behavior and we expect a sharp increase in exploitation once this information is public - similar to what we observed on 11 January following the 10 January disclosure," Ivanti warned last week.

When asked about February attacks, an Ivanti spokesperson directed The Register to its earlier security alert.

As of February 1, the vendor had issued a patch addressing all known vulnerabilities for Ivanti Connect Secure version 22.5R2.2 and Ivanti Policy Secure 22.5R1.1.

According to ShadowServer, attacks exploiting CVE-2024-21893 are quickly outpacing those against the previously reported Ivanti CVEs, and the foundation has since added the flaw to its exploitation dashboard.

The US Cybersecurity and Infrastructure Security Agency (CISA) issued its second emergency directive about the flawed Ivanti systems, requiring federal agencies running Ivanti Connect Secure or Ivanti Policy Secure to disconnect these products from agency networks by February 2.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/05/ivanti_zero_day/

Related Vulnerability

Date: 2024-01-31
CVE: CVE-2024-21893
Title: Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure
Description: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Attack vector: network
Attack complexity: low
Vendor: ivanti
Weakness: CWE-918 (Server-Side Request Forgery)
Risk score: 8.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 0 51 157 75 283