Home Latest Cyber Security News | Network Security Hacking Two Ivanti Zero-Day Vulnerabilities Demand Immediate User Attention
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Two Ivanti Zero-Day Vulnerabilities Demand Immediate User Attention

by Abeerah Hashim
written by Abeerah Hashim
Ivanti patches another vulnerability, while the attackers exploit the former one.

Ivanti has warned all Connect Secure and Policy Secure users to immediately update their systems with the latest versions as two new zero-day vulnerabilities receive patches. The firm admitted detecting active exploitation of one of these flaws.

Two New Ivanti Zero-Day Vulnerabilities Surfaced Online

According to a recent advisory, Ivanti Connect Secure and Policy Secure products exhibit two more vulnerabilities that the firm categorized as zero-day flaws.

These vulnerabilities differ from the two zero-days disclosed and patched in early January. The firm found these two security issues while investigating the previously disclosed flaws.

What makes these findings more important is the fact that Ivanti found one of these vulnerabilities actively exploited in the wild.

Specifically, the two newly discovered vulnerabilities include the following.

  • CVE-2024-21888 (CVSS 8.8): A privilege escalation vulnerability in Ivanti Connect Secure and Ivanti Policy Secure web component that allowed admin privileges to an attacker. Ivanti confirmed detecting active exploitation of this vulnerability.
  • CVE-2024-21893 (CVSS 8.2): A server-side request forgery (SSRF) in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure, as well as Ivanti Neurons for ZTA. Exploiting the flaw could let an unauthenticated adversary gain access to restricted resources.

Ivanti patched these vulnerabilities with the release of Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1) and ZTA version 22.6R1.3.

Previously Disclosed Zero-Days Under Attack to Deploy Malware

While Ivanti patched the newly discovered vulnerabilities with the latest software releases, the menace of the two earlier-known flaws seemingly continues.

Specifically, the US CISA recently warned Ivanti users to stay wary of the previous two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, as they found active exploitation of these flaws to deploy malware. According to its advisory, the service caught mass exploitation attempts of these vulnerabilities from multiple threat actors.

Researchers have also found the active exploitation of these vulnerabilities to deploy a Rust-based malware, “KrustyLoader.”

Hence, it’s now crucial for all users to patch their devices immediately to avoid potential threats.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...