Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

February 6, 2024 at 03:15AM

A server-side request forgery (SSRF) vulnerability in Ivanti products is being widely exploited, with mass attacks originating from over 170 unique IP addresses. The exploit allows unauthorized access to restricted resources. Security firm Rapid7 released a proof-of-concept exploit, and outdated open-source components in Ivanti VPN appliances pose further security risks. Ivanti is actively issuing official patches to address the vulnerabilities.

Key Takeaways:

– Ivanti Connect Secure and Policy Secure products are impacted by a server-side request forgery (SSRF) vulnerability, which has been heavily exploited.
– CVE-2024-21893, an SSRF flaw in Ivanti’s products, is being exploited to gain access to restricted resources without authentication and can lead to unauthenticated remote code execution when combined with CVE-2024-21887.
– The presence of out-of-date open-source components used by Ivanti VPN appliances has further heightened the risk of attacks.
– Ivanti has released a second mitigation file and has begun issuing official patches to address the vulnerabilities.
– Threat actors have been leveraging the vulnerabilities to deploy custom web shells, and a significant number of Ivanti Connect Secure and Policy Secure instances have been exposed and compromised worldwide.

These takeaways highlight the urgency of patching the vulnerabilities in Ivanti’s products to mitigate the risk of exploitation and unauthorized access.