#Ivanti warns of new #ConnectSecure flaw used in zero-day attacks
MITRE disclosed that one of their research and development networks was compromised by a foreign nation-state threat actor in January 2024 using Ivanti Connect Secure zero-days CVE-2023-46805 and CVE-2024-21887. Networked Experimentation, Research, and Virtualization Environment (NERVE) is a collaborative network used for research, development, and prototyping. MITRE included a timeline, observed TTP methods (mapped out to MITRE ATT&CK techniques cc: @howelloneill) and their incident response actions. No IOC provided. 🔗 https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks and https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8 h/t @reverseics
#MITRE #Ivanti #ConnectSecure #CVE_2023_46805 #CVE_2024_21887 #threatintel #cyberespionage
Hot off the press! Mandiant published another Ivanti Connect Secure VPN exploitation blog post outlining additional TTPs and observations for UNC5325, a suspected Chinese cyber espionage operator.
🔗 https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence
cc: @campuscodi @iagox86 @brett
#cyberespionage #IOC #TTPs #UNC5325 #China #Ivanti #ConnectSecure #vulnerability #zeroday #eitw #activeexploitation #UTA0178 #UNC5221 #CVE_2023_46805 #CVE_2024_21887 #KEV #KnownExploitedVulnerabilitiesCatalog #CISA #CVE_2024_21888 #UNC5325
Just your periodic update from Ivanti regarding their CVE-2023-46805 (8.2 high) and CVE-2024-21887 (9.1 critical) zero-days (both disclosed 10 January 2024 as exploited in the wild; proofs of concept exist; mass exploitation):
"Update 26 January: The targeted release of patches for supported versions is delayed, this delay impacts all subsequent planned patch releases. We are now targeting next week to release a patch for Ivanti Connect Secure (versions 9.1R17x, 9.1R18x, 22.4R2x and 22.5R1.1), Ivanti Policy Secure (versions 9.1R17x, 9.1R18x and 22.5R1x) and ZTA version 22.6R1x.
Patches for supported versions will still be released on a staggered schedule. Instructions on how to upgrade to a supported version will also be provided.
The timing of patch release is subject to change as we prioritize the security and quality of each release. Please ensure you are following this article to receive updates as they become available."
🔗 https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
#Ivanti #ConnectSecure #vulnerability #zeroday #eitw #activeexploitation #UTA0178 #UNC5221 #CVE_2023_46805 #CVE_2024_21887 #KEV #KnownExploitedVulnerabilitiesCatalog #CISA