Security News > 2024 > February > Newest Ivanti SSRF zero-day now under mass exploitation
An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.
The exploitation volume of this particular vulnerability is far greater than that of other recently fixed or mitigated Ivanti flaws, indicating a clear shift in the attackers' focus.
According to ShadowServer, there are currently almost 22,500 Ivanti Connect Secure devices exposed on the Internet.
Due to the situation with active exploitation of multiple critical zero-day vulnerabilities, lack of effective mitigations, and lack of security updates for some of the impacted product versions, the U.S. Cybersecurity & Infrastructure Security Agency has ordered federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances.
Ivanti Connect Secure zero-days now under mass exploitation.
Ivanti Connect Secure zero-days exploited to deploy custom malware.
News URL
Related news
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047) (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-21893 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | 8.2 |