Two Ivanti Zero-Day Vulnerabilities Demand Immediate User Attention

Ivanti has warned all Connect Secure and Policy Secure users to immediately update their systems with the latest versions as two new zero-day vulnerabilities receive patches. The firm admitted detecting active exploitation of one of these flaws.

Two New Ivanti Zero-Day Vulnerabilities Surfaced Online

According to a recent advisory, Ivanti Connect Secure and Policy Secure products exhibit two more vulnerabilities that the firm categorized as zero-day flaws.

These vulnerabilities differ from the two zero-days disclosed and patched in early January. The firm found these two security issues while investigating the previously disclosed flaws.

What makes these findings more important is the fact that Ivanti found one of these vulnerabilities actively exploited in the wild.

Specifically, the two newly discovered vulnerabilities include the following.

  • CVE-2024-21888 (CVSS 8.8): A privilege escalation vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure that lets an attacker gain administrator privileges. Ivanti confirmed detecting active exploitation of this vulnerability.
  • CVE-2024-21893 (CVSS 8.2): A server-side request forgery (SSRF) in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure, as well as Ivanti Neurons for ZTA. Exploiting the flaw could let an unauthenticated adversary gain access to restricted resources.

Ivanti patched these vulnerabilities with the release of Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1) and ZTA version 22.6R1.3.

Previously Disclosed Zero-Days Under Attack to Deploy Malware

While Ivanti has patched the newly discovered vulnerabilities in its latest software releases, attacks exploiting the two earlier-known flaws appear to be continuing.

Specifically, the US CISA recently warned Ivanti users to remain wary of the previous two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, as it had found them being actively exploited to deploy malware. According to its advisory, the agency observed mass exploitation attempts against these vulnerabilities from multiple threat actors.

Researchers have also observed these vulnerabilities being actively exploited to deploy a Rust-based malware, “KrustyLoader.”

Hence, it’s now crucial for all users to patch their devices immediately to avoid potential threats.

Let us know your thoughts in the comments.
