Ivanti Faces Critical Vulnerabilities, Confidence Undermined

Mass exploitation of a vulnerability in Ivanti Connect Secure and Policy Secure servers, tracked as CVE-2024-21893, is causing concern among cybersecurity specialists. This serious flaw affects versions 9.x and 22.x of the software and allows attackers to bypass authentication and gain access to restricted resources on vulnerable devices.

Ivanti released its first warning on January 31, when the vulnerability was classified as a zero-day because of limited active exploitation affecting a small number of customers.

Now, according to the Shadowserver threat monitoring service, the vulnerability is being actively exploited by attackers. Specialists recorded exploitation attempts from 170 unique IP addresses. The volume of attacks on this vulnerability significantly exceeds the activity seen for other recently fixed Ivanti problems, which indicates a clear shift in the attackers' focus.

On February 2, researchers from Rapid7 publicly released a PoC exploit.
