Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

We Keep you Connected

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild.
The list of vulnerabilities is as follows –
The Utah-based software company said it found no evidence of customers being impacted by CVE-2024-21888 so far, but acknowledged “the exploitation of CVE-2024-21893 appears to be targeted.”
It further noted that it “expects the threat actor to change their behavior and we expect a sharp increase in exploitation once this information is public.”
In tandem to the public disclosure of the two new vulnerabilities, Ivanti has released fixes for Connect Secure versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1, and ZTA version 22.6R1.3.
“Out of an abundance of caution, we are recommending as a best practice that customers factory reset their appliance before applying the patch to prevent the threat actor from gaining upgrade persistence in your environment,” it said. “Customers should expect this process to take 3-4 hours.”
As temporary workarounds to address CVE-2024-21888 and CVE-2024-21893, users are recommended to import the “mitigation.release.20240126.5.xml” file.
The latest development comes as two other flaws in the same product – CVE-2023-46805 and CVE-2024-21887 – have come under broad exploitation by multiple threat actors to deploy backdoors, cryptocurrency miners, and a Rust-based loader called KrustyLoader.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in a fresh advisory published today, said adversaries are leveraging the two shortcomings to capture credentials and drop web shells that enable further compromise of enterprise networks.
“Some threat actors have recently developed workarounds to current mitigations and detection methods and have been able to exploit weaknesses, move laterally, and escalate privileges without detection,” the agency said.
“Sophisticated threat actors have subverted the external integrity checker tool (ICT), further minimizing traces of their intrusion.”
⚡ Free Risk Assessment from Vanta
Generate a gap assessment of your security and compliance posture, discover shadow IT, and more.
Discover proven hacks and techniques to eliminate even the most sophisticated 2024 threats.
Explore the trends, challenges, and opportunities shaping the future of customer data management.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE