Ivanti has finally released patches for two critical zero-day vulnerabilities, but said the update also covers two new bugs – one of which is being actively exploited in attacks.
Ivanti released details of CVE-2023-46805 and CVE-2024-21887 in mid-January. The zero-days affect its Connect Secure VPN product and Policy Secure network access control (NAC) offering, and can be chained to allow an unauthenticated actor to craft malicious requests and execute arbitrary commands on the system.
Read more: Ivanti Releases Zero-Day Patches and Reveals Two New Bugs - Infosecurity Magazine (infosecurity-magazine.com)