More woes for Ivanti as exploit activity rises

By

SSRF bug under attack.

A security vulnerability discovered by Ivanti during a separate security investigation is being widely exploited in the wild, security researchers say.

More woes for Ivanti as exploit activity rises

While investigating and patching CVE-2023-46805 and CVE-2024-21887, Ivanti discovered a server-side request forgery (SSRF) bug, CVE-2024-21893.

At the time, it said the zero-day vulnerability had affected “a small number of customers.”

On January 31, Mandiant said it had “identified broad exploitation activity” as attackers tried to exploit the SSRF bug.

On February 5, Rapid7 published a separate analysis of the vulnerability, including an exploit demonstration.

Shadowserver has reported rising exploit volume for the vulnerability.

“We observed CVE-2024-21893 exploitation using '/dana-na/auth/saml-logout.cgi' on Feb 2 hours before @Rapid7 posting and unsurprisingly lots to '/dana-ws/saml20.ws' after publication," Shadowserver posted on X.

"This includes reverse shell attempts and other checks.  To date, over 170 attacking IPs involved”.

The US Cyber and Infrastructure Security Agency (CISA) has directed US agencies to disconnect Ivanti Connect Secure units in service, and not reconnect them until they have been patched and had a factory reset.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Log In

  |  Forgot your password?