Technology

More woes for Ivanti as exploit activity rises – Security

0
Please log in or register to do it.
More woes for Ivanti as exploit activity rises – Security



A security vulnerability discovered by Ivanti during a separate security investigation is being widely exploited in the wild, security researchers say.

While investigating and patching CVE-2023-46805 and CVE-2024-21887, Ivanti discovered a server-side request forgery (SSRF) bug, CVE-2024-21893.

At the time, it said the zero-day vulnerability had affected “a small number of customers.”

On January 31, Mandiant said it had “identified broad exploitation activity” as attackers tried to exploit the SSRF bug.

On February 5, Rapid7 published a separate analysis of the vulnerability, including an exploit demonstration.

Shadowserver has reported rising exploit volume for the vulnerability.

“We observed CVE-2024-21893 exploitation using ‘/dana-na/auth/saml-logout.cgi’ on Feb 2 hours before @Rapid7 posting and unsurprisingly lots to ‘/dana-ws/saml20.ws’ after publication,” Shadowserver posted on X.

“This includes reverse shell attempts and other checks.  To date, over 170 attacking IPs involved”.

The US Cyber and Infrastructure Security Agency (CISA) has directed US agencies to disconnect Ivanti Connect Secure units in service, and not reconnect them until they have been patched and had a factory reset.



Source link

Istana Having Lunar New Year Open House on 12 Feb with Food Stalls & Performances
Where a Mongolian chef in Hong Kong goes for ramen, momo dumplings, dim sum, Russian food, and beef noodles that remind him of home