Various miscreants are attempting to exploit the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 that can be used to hijack equipment.
Ivanti on January 31 disclosed and began patching CVE-2024-21893, which is present in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) appliances. The vendor spotted the flaw while investigating, and scrambling to patch, two other zero-day bugs in those products: an authentication bypass vulnerability (CVE-2023-46805) and a command injection flaw (CVE-2024-21887), both of which are also under attack.
“The SSRF can be chained to CVE-2024-21887 for unauthenticated command injection with root privileges,” Rapid7 principal security researcher Stephen Fewer added on February 2.
When asked about the attacks this month, an Ivanti spokesperson directed The Register to its earlier security alert. As of February 1, the vendor had issued a patch addressing all known vulnerabilities for Ivanti Connect Secure version 22.5R2.2 and Ivanti Policy Secure 22.5R1.1.