Blog

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

Ivanti is alerting to two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild.

Understanding Zero-Day Vulnerabilities: Zero-day vulnerabilities refer to security flaws in software or hardware that are unknown to the vendor or the public. Hackers exploit these vulnerabilities before developers have had the opportunity to create and release patches or fixes. The term “zero-day” signifies zero days of protection against these exploits, leaving users exposed until a solution is implemented.

Although the Utah-based software business stated that “the exploitation of CVE-2024-21893 appears to be targeted” and that it is “aware of a limited number of customers impacted” by the vulnerability, it added that it has not yet discovered any indication of consumers being impacted by CVE-2024-21888.

The Two New Zero-Day Flaws:

Ivanti has brought attention to two distinct zero-day vulnerabilities, which pose serious threats to digital security.

  1. Zero-Day Vulnerability A: Description and Implications
    • Nature of the Flaw: Provide a brief overview of the technical aspects of the first zero-day vulnerability, including affected software, potential attack vectors, and severity.
    • Exploitation Status: Discuss whether cybercriminals are actively exploiting this vulnerability.
    • Recommendations: Offer general advice to users and organisations on mitigating the risks associated with this particular vulnerability.
  1. Zero-Day Vulnerability B: Description and Implications
    • Nature of the Flaw: Present a concise summary of the technical details of the second zero-day vulnerability, including the affected systems and possible consequences.
    • Exploitation Status: Indicate whether this vulnerability is actively being exploited and provide any available information on the attacks observed.
    • Mitigation Strategies: Offer practical steps that users and organisations can take to reduce their exposure to potential threats related to this vulnerability.

In a new advisory released today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that attackers are taking advantage of these two weaknesses to get credentials and drop web shells that facilitate more business network intrusion.

“Some threat actors have recently developed workarounds to current mitigations and detection methods and have been able to exploit weaknesses, move laterally, and escalate privileges without detection,” the agency stated.

Active Exploitation and Immediate Concerns

Emphasise the urgency and significance of the zero-day vulnerability currently under active exploitation. Explore the potential ramifications for individuals, businesses, and critical infrastructure, highlighting the need for prompt action.

Ivanti’s Response and Patching Process

Discuss Ivanti’s reaction to the discovery of these zero-day vulnerabilities. Explore their efforts in developing and releasing patches or updates to address the security flaws. Guide how users can obtain and apply these patches to safeguard their systems.

General Cybersecurity Best Practices

Reiterate fundamental cybersecurity best practices that users and organisations should follow to enhance their overall security posture. These may include regular software updates, employee training, network segmentation, and advanced threat detection solutions.

Domain Monitoring

Keeping track of domain registrations to identify and mitigate phishing sites or domains that mimic the brand.