Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Ivanti Patches Two Zero-Days Under Attack, But Finds Another (techcrunch.com) 1

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. From a report: Since early December, ââChinese state-backed hackers have been exploiting Ivanti Connect Secure's flaws -- tracked as CVE-2023-46805 and CVE-2024-21887 -- to break into customer networks and steal information. Ivanti is now warning that it has discovered two additional flaws -- tracked as CVE-2024-21888 and CVE-2024-21893 -- affecting its Connect Secure VPN product. The former is described as a privilege escalation vulnerability, while the latter -- known as a zero-day because Ivanti had no time to fix the bug before hackers began exploiting it -- is a server-side bug that allows an attacker access to certain restricted resources without authentication. In its updated disclosure, Ivanti said it has observed "targeted" exploitation of the server-side bug. Germany's Federal Office for Information Security, known as the BSI, said in a translated advisory on Wednesday that it has knowledge of "multiple compromised systems."
This discussion has been archived. No new comments can be posted.

Ivanti Patches Two Zero-Days Under Attack, But Finds Another

Comments Filter:

"Your stupidity, Allen, is simply not up to par." -- Dave Mack (mack@inco.UUCP) "Yours is." -- Allen Gwinn (allen@sulaco.sigma.com), in alt.flame

Working...