Ivanti continues to face vulnerability concerns, with the company discovering a new bug already being exploited.
The company discovered CVE-2024-21893 on 31 January 2024 during investigations and patching of previously discovered vulnerabilities, CVE-2023-46805 and CVE-2024-21887.
The new vulnerability is a server-side request forgery (SSRF) bug, a flaw that lets an attacker make the server itself issue requests to a destination of the attacker's choosing.
“The vulnerabilities allow for an unauthenticated threat actor to execute arbitrary commands on the appliance with elevated privileges,” wrote cyber security firm Mandiant.
For example, a threat actor could cause the server-side application to connect to internal-only services within a company's infrastructure that are not reachable from the outside.
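The defensive counterpart to the SSRF behaviour described above is to validate every outbound request target before the server makes it. The following is an added example, not code from the article or from Ivanti: a small Python guard that allowlists destination hosts, rejects credentials in the URL and non-standard ports, and resolves the host to check that no resolved address is private, loopback, link-local or otherwise internal. The allowlist entries and the sample addresses are assumptions made up for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hosts the application is permitted to contact (hypothetical allowlist, an assumption).
ALLOWED_HOSTS = {"api.example.com", "updates.example.com"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}


def _default_resolver(host):
    """Resolve a hostname to the set of IP address strings it maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal_address(addr):
    """True for any address an SSRF guard should refuse to reach."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url, resolver=_default_resolver):
    """Return (ok, reason). ok is True only if every check passes.

    The resolver is injectable so the checks can run offline; production code
    should also connect to the address it validated rather than re-resolving,
    otherwise a DNS answer that changes between check and use can bypass the guard.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parsed.scheme
    if parsed.username or parsed.password:
        return False, "userinfo in URL not allowed"
    host = (parsed.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist: %r" % host
    if parsed.port not in ALLOWED_PORTS:
        return False, "port not allowed: %r" % parsed.port
    try:
        addresses = resolver(host)
    except (socket.gaierror, OSError) as exc:
        return False, "resolution failed: %s" % exc
    if not addresses:
        return False, "host resolved to no addresses"
    for addr in addresses:
        if is_internal_address(addr):
            return False, "host resolves to internal address %s" % addr
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample resolver: the allowlisted host points to a public address.
    fake = lambda host: ["93.184.216.34"]
    print(validate_outbound_url("https://api.example.com/v1/status", resolver=fake))
    print(validate_outbound_url("http://169.254.169.254/latest/meta-data", resolver=fake))
```

The resolved-address check matters even with an allowlist: an allowlisted name whose DNS record points at an internal address would otherwise let the server be steered onto the internal network.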
Mandiant said it has observed a large number of instances of the vulnerability being exploited, and Shadowserver and Rapid7 have also reported seeing it used by threat actors in the wild.
We observed CVE-2024-21893 exploitation using '/dana-na/auth/saml-logout.cgi' on Feb 2nd hours before @Rapid7 posting & unsurprisingly lots to '/dana-ws/saml20.ws' after publication. This includes reverse shell attempts & other checks. To date, over 170 attacking IPs involved https://t.co/yUy4y2xCCz
— Shadowserver (@Shadowserver) February 4, 2024
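The Shadowserver post names two request paths it saw in exploitation attempts. The following is an added example, not code from the article, Shadowserver or Ivanti: a Python check that parses web-access log lines in a combined-log-style format, flags requests to those two paths, and counts how many distinct source addresses hit them. The log format and the sample lines are constructed assumptions; an Ivanti appliance's own logs would need a parser matching their actual layout.

```python
import re
from collections import Counter

# Request paths named in the Shadowserver post quoted above.
WATCHED_PATHS = {"/dana-na/auth/saml-logout.cgi", "/dana-ws/saml20.ws"}

# Combined-log-style access log lines (constructed sample data, not real appliance logs).
SAMPLE_LOG = """\
203.0.113.10 - - [02/Feb/2024:05:12:01 +0000] "POST /dana-na/auth/saml-logout.cgi HTTP/1.1" 200 512
198.51.100.7 - - [02/Feb/2024:06:40:19 +0000] "GET /static/logo.png HTTP/1.1" 200 8431
203.0.113.10 - - [03/Feb/2024:11:02:44 +0000] "POST /dana-ws/saml20.ws HTTP/1.1" 500 0
192.0.2.55 - - [03/Feb/2024:11:03:10 +0000] "POST /dana-ws/saml20.ws?x=1 HTTP/1.1" 200 74
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Compare on the path only; query strings vary between requests.
    rec["path"] = rec["target"].split("?", 1)[0]
    rec["status"] = int(rec["status"])
    return rec


def find_watched_requests(log_text):
    """Return the parsed records whose path is one of the watched endpoints."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] in WATCHED_PATHS:
            hits.append(rec)
    return hits


def sources_by_count(hits):
    """Count hits per source IP, most active first."""
    return Counter(rec["ip"] for rec in hits)


if __name__ == "__main__":
    hits = find_watched_requests(SAMPLE_LOG)
    for rec in hits:
        print(rec["ts"], rec["ip"], rec["method"], rec["path"], rec["status"])
    print("distinct sources:", len(sources_by_count(hits)))
```

Hits on these paths are a triage signal rather than proof of compromise, since legitimate SAML traffic can use them; the value is in correlating source addresses and timing with the vendor's guidance and integrity-checker results.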
The US Cybersecurity and Infrastructure Security Agency has advised companies to disconnect Ivanti Connect Secure until vulnerabilities have been patched.