Feb. 2, 2024, 10:11 p.m. | Deepen Desai

Security Boulevard securityboulevard.com

Introduction


Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. The initial disclosure involved two CVEs (CVE-2023-46805 and CVE-2023-21887) allowing a remote attacker to perform authentication bypass and remote command injection exploits. Ivanti released a patch which was immediately bypassed by two additional flaws (CVE-2024-21888 and CVE-2024-21893) that allows an attacker to perform privilege escalation and server-side request forgery exploits.


The Cybersecurity …

advisory attacker authentication authentication bypass bypass chinese critical cve cve-2023-46805 cves december december 2023 disclosure exploited hackers introduction it management ivanti management products risk security security company state threatlabz vpn vulnerabilities warning zero-day zero-days zero-day vulnerabilities

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

Senior Director, Artificial Intelligence & Machine Learning and Data Management

@ General Dynamics Information Technology | USA VA Falls Church - 3150 Fairview Park Dr (VAS095)

Test Engineer - Remote

@ General Dynamics Information Technology | USA VA Home Office (VAHOME)

Senior Principal Oracle Database Administrator

@ Everfox | Home Office - USA - Maryland

Director, Early Career and University Relations

@ Proofpoint | Texas

Enterprise Account Manager

@ Proofpoint | Geneva, Switzerland - Remote