Ivanti disclosed two new critical vulnerabilities in Connect Secure on Wednesday, tracked as CVE-2024-21888 and CVE-2024-21893. The company said that CVE-2024-21893, a class of vulnerability known as a server-side request forgery, "appears to be targeted," bringing the number of actively exploited vulnerabilities to three.
Almost two weeks later, researchers said the zero-days were under mass exploitation in attacks that were backdooring customer networks around the globe. A day later, Ivanti failed to make good on an earlier pledge to begin rolling out a proper patch by January 24.