Exploitation of a recently disclosed XML external entity (XXE) vulnerability impacting Ivanti enterprise VPN and network access products has commenced, multiple security researchers warned over the weekend.
Affecting the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateway appliances and tracked as CVE-2024-22024 (CVSS score of 8.3), the issue can be exploited to access certain restricted resources without authentication.
Last week, Ivanti announced that patches for the bug were released for Connect Secure versions 9.x and 22.x, Policy Secure versions 9.x and 22.x, and ZTA gateways versions 22.x.
[...]
Exploitation of Another Ivanti VPN Vulnerability Observed
Robert B. Carleton + ISC2 Central Mississippi President