An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Published: 2024-01-31
Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.
Published: 2024-01-11
Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors.
https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/
https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider
https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
https://isc.sans.edu/diary/rss/31384
https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/
https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit
https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html
https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html
https://services.google.com/fh/files/misc/m-trends-2024.pdf
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf
https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/
https://infosec.exchange/@[email protected]/111732557655576182
Published: 2024-01-12
Updated: 2024-06-10
Base Score: 8.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N
Severity: High
Base Score: 8.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity: High
Base Score: 9.2
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
Severity: Critical