A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ivanti connect secure 22.1 |
||
ivanti connect secure 22.2 |
||
ivanti connect secure 9.1 |
||
ivanti connect secure 21.9 |
||
ivanti connect secure 21.12 |
||
ivanti policy secure 22.2 |
||
ivanti policy secure 22.1 |
||
ivanti policy secure 9.1 |
||
ivanti connect secure 22.4 |
||
ivanti connect secure 22.3 |
||
ivanti connect secure 22.6 |
||
ivanti policy secure 22.3 |
||
ivanti policy secure 22.6 |
||
ivanti policy secure 22.5 |
||
ivanti policy secure 22.4 |
||
ivanti connect secure 9.0 |
||
ivanti policy secure 9.0 |
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware By Bill Toulas March 9, 2024 10:08 AM 1 Image: Midjourney A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. 1-day flaws refer to publicly disclosed vulnerabilities for which a patch has been released. Threat actors looking to exploit these flaws must do so quickly before a target can apply security up...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Many versions still without fixes while sophisticated attackers bypass mitigations
Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation. The news comes days after Ivanti, which releases its patches on a staggered schedule, said the first batch of fixes – due last week – was delayed, and many versions remain without official fixes. Patches are now available for versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2...