More hilarity on #ConnectAround - there’s now two NEW vulnerabilities in Ivanti Pulse Secure, being actively exploited as zero days too - no patches.
Updated advisory with updated mitigations you need to reapply:
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CVEs: CVE-2024-21893 and CVE-2024-21888
CERT advisory: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-205101-1032.pdf?__blob=publicationFile&v=2
HT npub1eg705tw0h4uuc5leamapf4q9v9twld2ys6nl5wzpg4ap8u90mtmqesgrx6 (npub1eg7…grx6)
#threatintel
Kevin Beaumont /
npub176…fkwlw
2024-01-31 11:34:07
in reply to nevent1q…nea7
Author Public Key
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlwPublished at
2024-01-31 11:34:07Event JSON
{
"id": "0016ba4cbabcd01a0a5fe809b4dfb76883c27498001e520b192f33e2f94f03cf",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1706700847,
"kind": 1,
"tags": [
[
"p",
"ca3cfa2dcfbd79cc53f9eefa14d4056156efb54486a7fa3841457a13f0afdaf6",
"wss://relay.mostr.pub"
],
[
"p",
"36c6a324970ecffb5197ab0abe70d4556e4c8442a62b3805feda01799ff3f563",
"wss://relay.mostr.pub"
],
[
"e",
"15012ede0e1534d5a93b7361fadc2b31e98a8df37a3216ec85e34b15d52614e6",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"connectaround"
],
[
"t",
"threatintel"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/111850346752126760",
"activitypub"
]
],
"content": "More hilarity on #ConnectAround - there’s now two NEW vulnerabilities in Ivanti Pulse Secure, being actively exploited as zero days too - no patches. \n\nUpdated advisory with updated mitigations you need to reapply: \nhttps://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\n\nCVEs: CVE-2024-21893 and CVE-2024-21888\n\nCERT advisory: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-205101-1032.pdf?__blob=publicationFile\u0026v=2\n\nHT nostr:npub1eg705tw0h4uuc5leamapf4q9v9twld2ys6nl5wzpg4ap8u90mtmqesgrx6\n\n#threatintel",
"sig": "c4f6833bdd18646a534bc8cd8dda10526cce316ff2f54b55e308a91eae7383d2c436f27565ea38601dd9c7f5500d3d2fc484c236b0b76e03a94ec5be536403d6"
}