MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were: authentication bypass CVE-2023-46805 command injection CVE-2024-21887 None of them had an […]

The post MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN appeared first on Heimdal Security Blog.

attack authentication authentication bypass breach breached bypass command command injection compromise cve cve-2023-46805 cybersecurity news environment experimentation hackers injection ivanti ivanti vulnerabilities january january 2024 mitre nerve network research researchers state system unclassified virtualization vpn vulnerabilities zero-day zero-days zero-day vulnerabilities