ThreatLabz Coverage Advisory: Ivanti’s VPN Vulnerabilities Exploited by Hackers, New Zero-Days Pose Critical Risk | allinfosecnews.com

Feb. 2, 2024, 10:11 p.m. | Deepen Desai

Security Boulevard securityboulevard.com

Introduction

Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. The initial disclosure involved two CVEs (CVE-2023-46805 and CVE-2023-21887) allowing a remote attacker to perform authentication bypass and remote command injection exploits. Ivanti released a patch which was immediately bypassed by two additional flaws (CVE-2024-21888 and CVE-2024-21893) that allows an attacker to perform privilege escalation and server-side request forgery exploits.

The Cybersecurity …

advisory attacker authentication authentication bypass bypass chinese critical cve cve-2023-46805 cves december december 2023 disclosure exploited hackers introduction it management ivanti management products risk security security company state threatlabz vpn vulnerabilities warning zero-day zero-days zero-day vulnerabilities

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – Controlled Data Races In Enclaves: Attacks And Detection 13 hours ago | securityboulevard.com

access attacks authors channel +16

What is Secure Code Review and How to Conduct it? 21 hours ago | securityboulevard.com

application assurance automated cloud security +19

Why Bot Management Should Be a Crucial Element of Your Marketing Strategy 1 day, 5 hours ago | securityboulevard.com

address advanced bot protection analytics application security +15

Cloud Monitor Identifies and Remediates Problematic VPN Use in K-12 Districts 1 day, 6 hours ago | securityboulevard.com

chief cloud cybersecurity director +24

Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds 1 day, 8 hours ago | securityboulevard.com

blockchain cryptocurrency crypto scam cyberlaw +24

Votiro Keeps Up the Momentum in 2024 1 day, 8 hours ago | securityboulevard.com

blog momentum security security boulevard +1

Novel Threat Tactics, Notable Vulnerabilities, and Current Trends for April 2024 1 day, 9 hours ago | securityboulevard.com

april blog posts center clients +32

USENIX Security ’23 – AEX-Notify: Thwarting Precise Single-Stepping Attacks Through Interrupt Awareness For Intel SGX … 1 day, 9 hours ago | securityboulevard.com

access attacks authors awareness +15

North Korea IT Worker Scam Brings Malware and Funds Nukes 1 day, 9 hours ago | securityboulevard.com

analytics & intelligence api security appsec careers +60

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com