Ivanti Alerts on Two New High-Severity Vulnerabilities, One Currently Under Active Exploitation
January 31, 2024
Ivanti has alerted its users about two new high-risk vulnerabilities in its Connect Secure and Policy Secure solutions, identified as CVE-2024-21888 and CVE-2024-21893, with CVSS scores of 8.8 and 8.2 respectively. The company has also highlighted that one of these vulnerabilities is currently being exploited.
The vulnerability CVE-2024-21888 is a privilege escalation problem found in the web component of Ivanti Connect Secure (9.x, 22.x) and Policy Secure (9.x, 22.x). This vulnerability could be exploited by an attacker to obtain admin privileges. The other vulnerability, CVE-2024-21893, is a server-side request forgery vulnerability in the SAML component of Connect Secure (9.x, 22.x), Policy Secure (9.x, 22.x), and Neurons for ZTA. An authenticated attacker could exploit this vulnerability to gain access to certain restricted resources.
The company warned that the situation is fluid and threat actors could quickly adapt their tactics, techniques, and procedures to exploit these vulnerabilities. “At the time of publication, the exploitation of CVE-2024-21893 appears to be targeted. Ivanti expects the threat actor to change their behavior and we expect a sharp increase in exploitation once this information is public – similar to what we observed on 11 January following the 10 January disclosure,” the advisory stated. “Be aware that the situation is still evolving. Ivanti will update this knowledge base article as more information becomes available.”
To address CVE-2024-21888 and CVE-2024-21893, Ivanti recommends importing the “mitigation.release.20240126.5.xml” file via the download portal as a temporary workaround.
In early January 2024, Ivanti reported that threat actors were exploiting two other zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. Recently, researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities.