Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities

  /     /     /  
Publicated : 23/11/2024   Category : security


Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities


Patches will be available in late January and February, but until then, customers must take mitigation measures.



Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products — CVE-2023-46805 and CVE-2024-21887— that are already being actively exploited by threat actors.
The vulnerabilities were found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways, and the vulnerabilities affect all supported versions (Version 9.x and 22.x). Volexity assisted in identifying and reporting the issues in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways.
CVE-2023-46805 is an authentication bypass vulnerability that allows threat actors to access restricted materials remotely and has a CVSS rating of 8.2. CVE-2024-21887, with a CVSS rating of 9.1, is a command injection vulnerability that allows authenticated admins to send unique requests as well as execute arbitrary commands.
Ivanti researchers reported
 that mitigation is available and patches will be released in waves in a staggered approach — a patch for the authentication bypass vulnerability will be available Jan. 22; a patch for the command injection vulnerability is slated for Feb. 19. Mitigation is available from the vendor while the patches are being developed, but Ivanti researchers stress its essential that customers take immediate action.
For assistance or help with questions, Ivanti is directing customers to its Success Portal to request a call or log a case. Instructions on 
how to apply the mitigation
 are available on the website.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities