Two Zero-Day Flaws Found in Ivanti Connect Secure and Policy Secure
Two Zero-Day Flaws Found in Ivanti Connect Secure and Policy Secure
Summary:
The active exploitation of zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure and Ivanti Policy Secure gateways presents a serious threat, allowing unauthorized remote code execution. The actor, recognized as the Chinese nation-state-level entity UTA0178, employed these exploits for system compromise, underscoring the urgency for affected organizations to promptly apply mitigations, conduct comprehensive post-compromise analyses, and implement forthcoming patches.
Threat Level – Red | Vulnerability Report
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.
The active exploitation of zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure and Ivanti Policy Secure gateways presents a serious threat, allowing unauthorized remote code execution. The actor, recognized as the Chinese nation-state-level entity UTA0178, employed these exploits for system compromise, underscoring the urgency for affected organizations to promptly apply mitigations, conduct comprehensive post-compromise analyses, and implement forthcoming patches.
Threat Level – Red | Vulnerability Report
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.
[/vc_column_text][/vc_column][/vc_row]