all InfoSec news
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
Jan. 11, 2024, 1:20 a.m. | Scott Caveza, Satnam Narang
Cyber Exposure Alerts www.tenable.com
Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors.
Background
On January 10, Ivanti released a security advisory for two zero-day vulnerabilities that were exploited in-the-wild in limited, targeted attacks.
CVE | Description | CVSSv3 |
---|---|---|
CVE-2023-46805 | Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability | 8.2 |
CVE-2024-21887 | Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability | 9.1 |
Both flaws were exploited as part …
advisory attack attacks connect cve exploited ivanti january nation nation-state actors policy security security advisory state targeted attacks vulnerabilities zero-day zero-day vulnerabilities
More from www.tenable.com / Cyber Exposure Alerts
Oracle April 2024 Critical Patch Update Addresses 239 CVEs
2 weeks, 1 day ago |
www.tenable.com
Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407)
1 month, 2 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Associate Manager, BPT Infrastructure & Ops (Security Engineer)
@ SC Johnson | PHL - Makati
Cybersecurity Analyst - Project Bound
@ NextEra Energy | Jupiter, FL, US, 33478
Lead Cyber Security Operations Center (SOC) Analyst
@ State Street | Quincy, Massachusetts
Junior Information Security Coordinator (Internship)
@ Garrison Technology | London, Waterloo, England, United Kingdom
Sr. Security Engineer
@ ScienceLogic | Reston, VA