Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

February 15, 2024 at 10:18AM

Reverse engineering of the Ivanti Pulse Secure firmware revealed outdated, vulnerable software components in the Utah-based company's appliance. Active exploitation of security flaws in related gateways has been observed. Eclypsium found outdated packages and vulnerable libraries, emphasizing the need for visibility into digital supply chains. Concerns about security holes in …

Ivanti warns of Connect Secure zero-days exploited in attacks

January 10, 2024 at 01:59PM

Ivanti has disclosed two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure products. CVE-2023-46805 is an authentication bypass, while CVE-2024-21887 allows arbitrary command execution. Chaining the two enables attackers to run commands without authentication. Ivanti is working on patches, with mitigation available until then. The company reports limited …