Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)

Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request forgery (SSRF) vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure and Neurons for ZTA – in late January, when it issued patches for affected devices. At the same time, the company also fixed CVE-2024-21888, … More →

The post …

attackers backdoor connect connect secure cve cve-2024-21893 devices don't miss exploit exploitation exploiting forgery hackers hot stuff inject ivanti ivanti connect secure novel orange cyberdefense patches policy policy secure request saml server server-side request forgery ssrf vulnerability vulnerable zta