Feb. 5, 2024, 9:13 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the Vulnerability?
Ivanti recently published an advisory on two vulnerabilities on Jan 10, 2024 affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and command injection vulnerabilities, respectively in the web component of affected application. According to the vendor advisory, when chained together, exploiting these vulnerabilities when chained together may allow attackers to run commands without the need for authentication on the compromised system. Both vulnerabilities have been …

advisory application authentication authentication bypass bypass command command injection connect cve cve-2023-46805 cve-2024-21887 cve-2024-21888 cve-2024-21893 gateways ics injection ivanti ivanti connect secure ivanti policy secure policy the web vulnerabilities vulnerability web what is zero-day zero-day vulnerabilities

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Director of the Air Force Cyber Technical Center of Excellence (CyTCoE)

@ Air Force Institute of Technology | Dayton, OH, USA

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Omada Identity Consultant

@ Accenture | Wroclaw, West House

Compliance Team Manager

@ Civil Aviation Authority | London, GB

Cloud Security Engineer

@ NetApp | Bengaluru, Karnataka, IN, 560071

InfoSec - Product Security - Senior Program Manager

@ Elastic | Canada