CVE-2024-21893

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways By Bill Toulas April 5, 2024 01:40 PM 0 Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. The flaw is tracked as CVE-2024-21894 and is a high-severity heap overflow in the IPSec component of Ivanti Connect Secure 9.x and 22.x, potentially allowing unauthenticated users to cause denial of ...

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks By Sergiu Gatlan April 3, 2024 01:29 PM 0 IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. Unauthenticated attackers can exploit one of them, a high-severity flaw tracked as CVE-2024-21894, to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require use...

Ivanti fixes critical Standalone Sentry bug reported by NATO By Sergiu Gatlan March 20, 2024 01:08 PM 0 Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. Standalone Sentry is deployed as an organization's Kerberos Key Distribution Center Proxy (KKDCP) server or as a gatekeeper for ActiveSync-enabled Exchange and Sharepoint servers. Tracked as CVE-2023-41724, the security flaw impacts all supported ...

Magnet Goblin hackers use 1-day flaws to drop custom Linux malware By Bill Toulas March 9, 2024 10:08 AM 1 Image: Midjourney A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. 1-day flaws refer to publicly disclosed vulnerabilities for which a patch has been released. Threat actors looking to exploit these flaws must do so quickly before a target can apply security up...

CISA warns against using hacked Ivanti devices even after factory resets By Sergiu Gatlan February 29, 2024 03:35 PM 0 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. Furthermore, they can also evade detection by Ivanti's internal and external Integrity Checker Tool (ICT) on Ivanti Connect Secure...

CISA cautions against using hacked Ivanti VPN gateways even after factory resets By Sergiu Gatlan February 29, 2024 03:35 PM 0 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. Furthermore, they can also evade detection by Ivanti's internal and external Integrity Checker Tool (ICT) on Iv...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources At this point you might be better off just shutting the stuff down

Various miscreants are attempting to exploit the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 that can be used to hijack equipment. That's according to threat hunters tracking the string of CVE-listed security holes plaguing the VPN gateways in recent weeks. Ivanti on January 31 disclosed and began patching CVE-2024-21893, which is present in the SAML component of of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) ap...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Many versions still without fixes while sophisticated attackers bypass mitigations

Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation. The news comes days after Ivanti, which releases its patches on a staggered schedule, said the first batch of fixes – due last week – was delayed, and many versions remain without official fixes. Patches are now available for versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2...