all InfoSec news
Ivanti Warns of Connect Secure, Policy Secure Zero Days
Malware Analysis, News and Indicators - Latest topics malware.news
Ivanti is warning of two actively exploited vulnerabilities in its Connect Secure and Policy Secure gateways. Currently, the company said it is aware of “less than 10 customers impacted by the vulnerabilities.”
Connect Secure and Policy Secure contain a command injection bug (CVE-2024-21887) and an authentication bypass flaw (CVE-2023-46805). If these vulnerabilities are chained together, Ivanti said threat actors can craft malicious requests and execute arbitrary commands on the system, all without authentication. Patches are not yet available, and will …
actively exploited authentication authentication bypass authentication bypass flaw aware bug bypass command command injection connect customers cve exploited exploited vulnerabilities flaw injection ivanti policy the company vulnerabilities warning