Security News > 2024 > May > Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
2024-05-09 11:04
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw,
News URL
https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html
Related news
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
- Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- New Mirai botnet behind surge in TVT DVR exploitation (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
| 2024-01-12 | CVE-2023-46805 | Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 8.2 |