Read more on Ivanti vulnerabilities:
- Two Ivanti Zero-Days Actively Exploited in the Wild
- Ivanti Zero-Days Exploited By Multiple Actors Globally
- Rust Payloads Exploiting Ivanti Zero-Days Linked to Sophisticated Sliver
- Ivanti Releases Zero-Day Patches and Reveals Two New Bugs
- Latest Ivanti Zero Day Exploited By Scores of IPs
Bad news continues to pile up for Utah-based IT software provider Ivanti as a new vulnerability has been discovered in its products.
On February 8, Ivanti disclosed a new authentication bypass vulnerability impacting its Connect Secure, Policy Secure, and ZTA gateways.
This new vulnerability, identified as CVE-2024-22024, is the latest of a series of vulnerabilities discovered in several Ivanti products since mid-January 2024 – namely, in order of discovery, CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893.
The vulnerability is due to a flaw in Ivanti’s gateways' Security Assertion Markup Language (SAML) component, the part of the gateway software that handles this communication and helps ensure secure authentication.
By exploiting this flaw, remote attackers can gain access to restricted resources on unpatched appliances without requiring any user interaction or authentication.
Although the company claimed the vulnerability was not being actively exploited, it urged its users to implement the mitigation processes the company released in another advisory.
On February 14, content delivery network (CDN) provider Akamai published a report in which it observed malicious activity targeting this new vulnerability.
Akamai said it saw a peak of 240,000 requests and 80 IPs attempting to send payloads on February 11.
No tags.
