Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin
Malware Analysis, News and Indicators - Latest topics malware.news
Authors: David Brown and Mungomba Mulenga
TL;dr
NCC Group has observed what we believe to be the attempted exploitation of CVE-2021-42278 and CVE-2021-42287 as a means of privilege escalation, following the successful compromise of an Ivanti Secure Connect VPN using the following zero-day vulnerabilities reported by Volexity on 10/01/2024:
- CVE-2023-46805 – an authentication-bypass vulnerability with a CVSS score of 8.2
- CVE-2024-21887 – a command-injection vulnerability found in multiple web components with a CVSS score of 9.1
By combining these vulnerabilities …