More mass exploits hit the same buggy Ivanti devices

February 5, 2024 at 03:50PM

Miscreants are exploiting the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893. Ivanti disclosed the bug on January 31 and expects increased exploitation once details are public. Exploits targeting it are multiplying, with over 170 attacking IPs involved. The US Cybersecurity and Infrastructure Security Agency issued an emergency directive about it.

Key takeaways:

– Ivanti has identified a server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-21893, in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure appliances.
– This vulnerability has been exploited, with over 170 attacking IPs involved.
– Rapid7 principal security researcher Stephen Fewer has confirmed that the SSRF vulnerability can be chained with CVE-2024-21887 for unauthenticated command injection with root privileges.
– There is concern that the exploitation of CVE-2024-21893 will increase significantly once this information becomes public, similar to previous incidents.
– The US Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring federal agencies running Ivanti Connect Secure or Ivanti Policy Secure to disconnect these products from agency networks by February 2.

These takeaways highlight the severity and urgency of addressing the vulnerabilities in Ivanti software and the need for immediate action to mitigate potential exploitation.
