Security News > 2024 > February > Newest Ivanti SSRF zero-day now under mass exploitation

Newest Ivanti SSRF zero-day now under mass exploitation
2024-02-05 15:55

An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.

The exploitation volume of this particular vulnerability is far greater than that of other recently fixed or mitigated Ivanti flaws, indicating a clear shift in the attackers' focus.

According to ShadowServer, there are currently almost 22,500 Ivanti Connect Secure devices exposed on the Internet.

Due to the situation with active exploitation of multiple critical zero-day vulnerabilities, lack of effective mitigations, and lack of security updates for some of the impacted product versions, the U.S. Cybersecurity & Infrastructure Security Agency has ordered federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances.

Ivanti Connect Secure zero-days now under mass exploitation.

Ivanti Connect Secure zero-days exploited to deploy custom malware.


News URL

https://www.bleepingcomputer.com/news/security/newest-ivanti-ssrf-zero-day-now-under-mass-exploitation/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2024-21893 Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
network
low complexity
ivanti CWE-918
8.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 23 9 60 74 51 194