all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ivanti warns of new Connect Secure zero-day exploited in attacks

Add to bookmarks
Jan. 31, 2024, 2 p.m. | /u/outerlimtz

cybersecurity www.reddit.com

Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
The zero-day flaw (CVE-2024-21893) is a server-side request forgery vulnerability in the gateways' SAML component that enables attackers to bypass authentication and access restricted resources on vulnerable devices.
A second flaw (CVE-2024-21888) in the gateways' web component allows threat actors to escalate privileges to those of an administrator.
"As part of our ongoing investigation into …

access attackers attacks authentication bug bypass connect cve cve-2024-21893 cybersecurity exploitation exploited flaw forgery gateways ivanti policy request resources restricted saml server server-side request forgery today under vulnerabilities vulnerability zero-day zero-day bug zero-day flaw zta

Visit resource

More from www.reddit.com / cybersecurity

What Blue Team CTFs or challenges platform would you recommend in 2024? 2 hours ago | www.reddit.com
analyst blue blue team boss +12
What's a free SIEM tool that's compatible with Windows Server? 9 hours ago | www.reddit.com
central college console cybersecurity +12
Copilot‘s screen-snapping Recall data stored in plain text 12 hours ago | www.reddit.com
copilot cybersecurity data plain text +3
Cops Swarm Global Cybercrime Botnet Infrastructure in 2 Massive Ops 14 hours ago | www.reddit.com
botnet cops cybercrime cybersecurity +4
What are the most common IAM and PAM solutions in cybersecurity? 15 hours ago | www.reddit.com
cybersecurity cybersecurity professional goal iam +5
How does hiring in APT groups work? 15 hours ago | www.reddit.com
apt apt groups can cybersecurity +5
State of WiFi Security in 2024 16 hours ago | www.reddit.com
article cybersecurity exploiting feedback +9
Prioritize Blue Team for Cybersecurity Success 18 hours ago | www.reddit.com
blue blue team box can +16
Reported a Critical Vulnerability, Retested, and Now I Guess I'm Just Shouting Into the Void? 21 hours ago | www.reddit.com
bypass critical critical vulnerability cvss +6

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com