all InfoSec news
Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893)
Feb. 5, 2024, 9:13 p.m. |
FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com
Ivanti recently published an advisory on two vulnerabilities on Jan 10, 2024 affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and command injection vulnerabilities, respectively in the web component of affected application. According to the vendor advisory, when chained together, exploiting these vulnerabilities when chained together may allow attackers to run commands without the need for authentication on the compromised system. Both vulnerabilities have been …
advisory application authentication authentication bypass bypass command command injection connect cve cve-2023-46805 cve-2024-21887 cve-2024-21888 cve-2024-21893 gateways ics injection ivanti ivanti connect secure ivanti policy secure policy the web vulnerabilities vulnerability web what is zero-day zero-day vulnerabilities
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Data & Security Engineer Lead
@ LiquidX | Singapore, Central Singapore, Singapore
IT and Cyber Risk Control Lead
@ GXS Bank | Singapore - OneNorth
Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F
@ Hifield | Sèvres, France
Cyber Security Analyst (Weekend 1st Shift)
@ Fortress Security Risk Management | Cleveland, OH, United States
Senior Manager, Cybersecurity
@ BlueTriton Brands | Stamford, CT, US