all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ThreatLabz Coverage Advisory: Ivanti’s VPN Vulnerabilities Exploited by Hackers, New Zero-Days Pose Critical Risk

Add to bookmarks
Feb. 2, 2024, 10:11 p.m. | Deepen Desai

Security Boulevard securityboulevard.com

Introduction


Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. The initial disclosure involved two CVEs (CVE-2023-46805 and CVE-2023-21887) allowing a remote attacker to perform authentication bypass and remote command injection exploits. Ivanti released a patch which was immediately bypassed by two additional flaws (CVE-2024-21888 and CVE-2024-21893) that allows an attacker to perform privilege escalation and server-side request forgery exploits.


The Cybersecurity …

advisory attacker authentication authentication bypass bypass chinese critical cve cve-2023-46805 cves december december 2023 disclosure exploited hackers introduction it management ivanti management products risk security security company state threatlabz vpn vulnerabilities warning zero-day zero-days zero-day vulnerabilities

Visit resource

More from securityboulevard.com / Security Boulevard

Google Continues Mixing Generative AI into Cybersecurity 4 hours ago | securityboulevard.com
ai model cloud cloud security cloud service +37
HYPR and Microsoft Partner on Entra ID External Authentication Methods 6 hours ago | securityboulevard.com
authentication authentication methods can eam +17
2024 OWASP Mobile Top Ten Risks 7 hours ago | securityboulevard.com
api security api security - analysis application application security +19
Google Makes Implementing 2FA Simpler 7 hours ago | securityboulevard.com
2fa 2fa authenticator 2 factor authentication 2-step verification +29
RSAC 2024: IoT Security Questions (and Answers) 7 hours ago | securityboulevard.com
analysts blog breaches compliance +21
Danile Stori’s ‘Vulnerable Code’ 8 hours ago | securityboulevard.com
code daniel daniel stori humor +6
Balancing AI Workloads and Energy Demands with DCIM Software 8 hours ago | securityboulevard.com
applications article artificial artificial intelligence +21
Introducing Aembit Access Management for CI/CD Platforms 9 hours ago | securityboulevard.com
access access management actions aembit +17
Guts & Greed: How Bug Hunter Arrogance and Apathy Hurts Us All 9 hours ago | securityboulevard.com
amp apathy api hacking mindset application +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Red Team Penetration Tester and Operator, Junior

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com

Director, Security Operations & Risk Management

@ Live Nation Entertainment | Toronto, ON
View on infosec-jobs.com

IT and Security Specialist APAC (F/M/D)

@ Flowdesk | Singapore, Singapore, Singapore
View on infosec-jobs.com

Senior Security Controls Assessor

@ Capgemini | Washington, DC, District of Columbia, United States; McLean, Virginia, United States
View on infosec-jobs.com

GRC Systems Solution Architect

@ Deloitte | Midrand, South Africa
View on infosec-jobs.com

Cybersecurity Subject Matter Expert (SME)

@ SMS Data Products Group, Inc. | Fort Belvoir, VA, United States
View on infosec-jobs.com
View more jobs