Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. From a report: Since early December, ââChinese state-backed hackers have been exploiting Ivanti Connect Secure’s flaws — tracked as CVE-2023-46805 and CVE-2024-21887 — to break into customer networks and steal information.
Ivanti is now warning that it has discovered two additional flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting its Connect Secure VPN product. The former is described as a privilege escalation vulnerability, while the latter — known as a zero-day because Ivanti had no time to fix the bug before hackers began exploiting it — is a server-side bug that allows an attacker access to certain restricted resources without authentication. In its updated disclosure, Ivanti said it has observed “targeted” exploitation of the server-side bug. Germany’s Federal Office for Information Security, known as the BSI, said in a translated advisory on Wednesday that it has knowledge of “multiple compromised systems.”
Read more of this story at Slashdot.
