Trellix Insights

Related Vulnerabilities: CVE-2023-46805, CVE-2024-21887

Properties
Threat Severity

High

Description

Researchers have uncovered active exploitation of two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, in Ivanti Connect Secure (ICS) VPN devices. Together, an authentication-bypass flaw and a command-injection vulnerability in several web components allow unauthenticated remote code execution. The attackers were observed placing webshells on both internal and external web servers. The investigation also found that the ICS VPN appliance's logs had been wiped and logging disabled, and that historical network traffic showed suspicious inbound and outbound communication from the appliance's management IP address. The Trellix Threat Intelligence Group (TIG) gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports. This campaign was researched by Volexity and shared publicly at https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/

Global Prevalence (gauge image, scale Low to High)
Observed Countries (20)
  • Taiwan: 944.12 devices found impacted per 1M devices
  • United States: 8.23 devices found impacted per 1M devices
  • Italy: 119.68 devices found impacted per 1M devices
  • Norway: 881.06 devices found impacted per 1M devices
  • Luxembourg: 411.15 devices found impacted per 1M devices
  • Austria: 55.76 devices found impacted per 1M devices
  • Spain: 15.86 devices found impacted per 1M devices
  • Myanmar: 2166.38 devices found impacted per 1M devices
  • Czech Rep.: 81.41 devices found impacted per 1M devices
  • Germany: 3.19 devices found impacted per 1M devices
  • United Kingdom: 7.5 devices found impacted per 1M devices
  • Saudi Arabia: 20.57 devices found impacted per 1M devices
  • Australia: 10.75 devices found impacted per 1M devices
  • Dominican Rep.: 59.9 devices found impacted per 1M devices
  • India: 6.04 devices found impacted per 1M devices
  • Israel: 8.3 devices found impacted per 1M devices
  • Poland: 11.56 devices found impacted per 1M devices
  • Belgium: 3.93 devices found impacted per 1M devices
  • Turkey: 8.44 devices found impacted per 1M devices
  • South Africa: 4.47 devices found impacted per 1M devices
Observed Sectors (4)
  • Unknown Sectors: 133.24 devices found impacted per 1M devices
  • Wholesale: 1.43 devices found impacted per 1M devices
  • Banking/Financial/Wealth Management: 249.38 devices found impacted per 1M devices
  • Healthcare: 3.47 devices found impacted per 1M devices
Compare Detections

Detection rate is the number of artifact detections reported by McAfee global sensors for this threat over 8 days.

Threat Prevalence - Past 8 days (Feb 2, 2024 to Feb 9, 2024)

The detection rate bubbles are sized based on the values below: 1-20, 20-50, 50-100, 100+

(Bubble chart, by Sector and by Country: Detection Rate 0 on every day from Feb 2, 2024 through Feb 9, 2024.)