Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml file via Ivanti’s download portal. About the vulnerabilities (CVE-2023-46805 and CVE-2024-21887) The two security flaws affect all supported versions (v9.x and 22.x) of Ivanti Connect Secure (ICS) – formerly known as Pulse Connect Secure – … More
The post Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) appeared first on Help Net Security.