Security News > 2024 > February > Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
CVE-2024-21893, a server-side request forgery vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure, is being exploited by attackers.
Its existence, along with that of CVE-2024-21888, a privilege escalation vulnerability affecting the same Ivanti Connect Secure and Policy Secure versions, was revealed by Ivanti in late January.
According to Ivanti and Mandiant, CVE-2024-21893 is actually a new technique to bypass Ivanti's original mitigation for CVE-2023-46805, another authentication bypass flaw, which has been leveraged by attackers in conjunction with CVE-2024-21887.
It's been a bad month or so for Ivanti and for organizations using its Connect Secure VPN gateways.
First CVE-2023-46805 and CVE-2024-21887 were being exploited and Ivanti only had a temporary mitigation to offer, pushing the US Cybersecurity and Infrastructure Agency to order US federal agencies to "Disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks" by February 2, 2024.
All four vulnerabilities have since been remediated by Ivanti.
News URL
https://www.helpnetsecurity.com/2024/02/07/cve-2024-21893-exploited/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-21893 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | 8.2 |
| 2024-01-31 | CVE-2024-21888 | Unspecified vulnerability in Ivanti Connect Secure and Policy Secure A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | 8.8 |
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
| 2024-01-12 | CVE-2023-46805 | Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 8.2 |