Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml file via Ivanti’s download portal. About the vulnerabilities (CVE-2023-46805 and CVE-2024-21887) The two security flaws affect all supported versions (v9.x and 22.x) of Ivanti Connect Secure (ICS) – formerly known as Pulse Connect Secure – … More →

The post …

0 day apt attackers backdoor connect cve devices don't miss download enterprise exploitation exploited file flaws hot stuff ivanti mitigation patches portal release researchers risk secure vpn under volexity vpn vulnerabilities web shell xml zero-day zero-days zero-day vulnerabilities