Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin

Authors: David Brown and Mungomba Mulenga TL;dr NCC Group has observed what we believe to be the attempted exploitation of CVE-2021-42278 and CVE-2021-42287 as a means of privilege escalation, following the successful compromise of an Ivanti Secure Connect VPN using the following zero-day vulnerabilities reported by Volexity1 on 10/01/2024: By combining these vulnerabilities threat actors […]

admin authors compromise connect cve cyber security domain domain admin escalation exploitation ivanti ncc ncc group privilege privilege escalation threat threat actors threat intelligence vpn we believe