• Another serious Ivanti vulnerability has been found under attack,

    From TechnologyDaily@1337:1/100 to All on Tue Feb 6 17:15:05 2024
    Another serious Ivanti vulnerability has been found under attack, so update now

    Date:
    Tue, 06 Feb 2024 17:12:05 +0000

    Description:
    Ivanti can't seem to catch a break after CISA orders government agencies to temporarily disconnect the VPNs.

    FULL STORY ======================================================================

    Ivanti can't seem to catch a break: soon after it discovered and patched two major flaws that were being exploited in the wild, a third one emerged.

    Just like the previous two, this new threat also affects Ivanti's Connect Secure and Policy Secure VPN products,

    It's tracked as CVE-2024-21893, and is described as a server-side request forgery. Ivanti published its finding of the flaw in late January this year,
    together with another vulnerability that hasn't yet caught the hacking community's attention.

    A rocky start to the year

    At the time, the company released a patch, and said it wasn't aware of mass abuse. "We are only aware of a small number of customers who have been
    impacted by CVE-2024-21893 at this time," the company said in the advisory.

    However, citing information from Shadowserver, ArsTechnica reported that the abuse has mushroomed and exceeded that of CVE-2023-46805 and CVE-2024-21887, the two flaws hackers previously targeted.

    It's been a rocky start to 2024 for Ivanti after it recently discovered two high-severity flaws that were being exploited in the wild.

    At first, it released mitigations for the flaws, and later released a patch, but soon after publishing the findings, the US Government's Cybersecurity and Infrastructure Security Agency (CISA) warned users of hackers actively exploiting the flaw and even advised government agencies to disconnect their Ivanti VPNs until they are able to completely rebuild them with the patch installed.

    The first two flaws were abused by Chinese state-sponsored threat actors, the researchers said at the time. For the newest vulnerability, there is still no word on who the perpetrators are, but it's safe to assume the same people. What's more, endpoints protected against the first two flaws are vulnerable to the third one, unless they apply the separately-published patch.

    While researchers from Rapid7 released a Proof-of-Concept (PoC) late last week, it doesn't seem that it played a significant role, as researchers saw active exploitation hours earlier.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/bad-news-theres-another-serious-ivanti-vulnerability-under-attack-so-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)