Ivanti reports another set of actively exploited vulnerabilities
Take action: It's time for a very tedious and difficult patching process. Don't delay, because Ivanti Connect Secure and Policy Secure are actively being attacked and hacked. It's not going to be an easy rest of the week, but it must be done. Or you WILL be hacked.
Ivanti announced the discovery and subsequent patching of another two critical vulnerabilities affecting its Connect Secure and Policy Secure products. The previous set of two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, had already been disclosed, and the cybersecurity community had been alerted to them earlier.
In addition to these previously disclosed vulnerabilities, Ivanti is reporting new significant issues:
- a privilege escalation vulnerability, tracked as CVE-2024-21888 (CVSS score 8.8),
- a server-side request forgery (SSRF) flaw, tracked as CVE-2024-21893 (CVSS score 8.8).
The second one, the SSRF flaw, is particularly concerning because it is a zero-day vulnerability that is currently being exploited in the wild, allowing unauthenticated attackers to access restricted resources. Ivanti has raised alarms about the potential for a surge in exploitation attempts following the public disclosure of these vulnerabilities, mirroring the patterns observed after the January 10 announcement.
Ivanti has now released patches for these vulnerabilities. However, due to the complexity of the patching process, which is described as multi-step and time-consuming, Ivanti recommends that customers perform a factory reset of their appliances before applying the patch to eliminate any residual threat actor presence.
This process is expected to take three to four hours to complete. Furthermore, Ivanti has delayed the patch release for the earlier disclosed zero-day vulnerabilities, underscoring the challenges in managing the response to these security issues.