Security News > 2024 > February > Ivanti devices hit by wave of exploits for latest security hole

Ivanti first disclosed the newest bug in the SAML component of of Ivanti Connect Secure and Ivanti Policy Secure appliances on January 31.

"At the time of publication, the exploitation of CVE-2024-21893 appears to be targeted. Ivanti expects the threat actor to change their behavior and we expect a sharp increase in exploitation once this information is public - similar to what we observed on 11 January following the 10 January disclosure," Ivanti warned last week.

When asked about February attacks, an Ivanti spokesperson directed The Register to its earlier security alert.

As of February 1, the vendor had issued a patch addressing all known vulnerabilities for Ivanti Connect Secure version 22.5R2.2 and Ivanti Policy Secure 22.5R1.1.

According to ShadowServer, exploits targeting CVE-2024-21893 are quickly outpacing the other previously reported Ivanti CVEs, and it has since added the flaw to its exploitation dashboard.

The US Cybersecurity and Infrastructure Security agency issued its second emergency directive about the flawed Ivanti systems, requiring federal agencies running Ivanti Connect Secure or Ivanti Policy Secure to disconnect these products from agency networks by February 2.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/05/ivanti_zero_day/