16 matches found

Positive Technologies
added 2024/06/26 12:0 a.m. · 6 views

PT-2024-25995 · W3C · Xml Signature Syntax/Processing

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

8.2 CVSS · 8.6 AI score · 0.99999 EPSS
Exploits 5 · References 6

The Hacker News
added 2024/02/29 5:49 a.m. · 70 views

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTE...

9.1 CVSS · 8.4 AI score · 0.99999 EPSS
Exploits 19

Packet Storm
added 2024/02/21 12:0 a.m. · 772 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains a server side request forgery SSRF...

9.1 CVSS · 7.4 AI score · 0.99999 EPSS
Exploits 26

0day.today
added 2024/02/21 12:0 a.m. · 498 views

Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit

This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All current...

9.1 CVSS · 8.7 AI score · 0.99999 EPSS
Exploits 26

The Hacker News
added 2024/02/15 2:20 p.m. · 76 views

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsium, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

9.1 CVSS · 7.3 AI score · 0.99999 EPSS
Exploits 25

HackRead
added 2024/02/06 6:15 p.m. · 44 views

Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches

By Deeba Ahmed. Zero-Day Nightmare: CVE-2024-21893 Exploits Surge in Attacks on Ivanti Products. This is a post from HackRead.com. Read the original post: Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches...

6.4 CVSS · 7.3 AI score · 0.99999 EPSS
Exploits 5

hivepro
added 2024/02/06 8:18 a.m. · 54 views

Attacks, Vulnerabilities and Actors 29 January to 4 February 2024

For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and six exploited...

6.4 CVSS · 7.1 AI score · 0.99999 EPSS
Exploits 5

Tenable Nessus
added 2024/02/06 12:0 a.m. · 43 views

Ivanti Policy Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)

Binary data ivantipsssrfrceCVE-2024-21893.nbin...

8.2 CVSS · 8.6 AI score · 0.99999 EPSS
Exploits 5 · References 2

Tenable Nessus
added 2024/02/06 12:0 a.m. · 41 views

Ivanti Policy Secure 9.x / 22.x SSRF (CVE-2024-21893)

Binary data ivantipsCVE-2024-21893.nbin...

8.2 CVSS · 8.6 AI score · 0.99999 EPSS
Exploits 5 · References 2

Tenable Nessus
added 2024/02/06 12:0 a.m. · 80 views

Ivanti Connect Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)

Binary data ivanticsssrfrceCVE-2024-21893.nbin...

8.2 CVSS · 8.6 AI score · 0.99999 EPSS
Exploits 5 · References 2

Tenable Nessus
added 2024/02/06 12:0 a.m. · 83 views

Ivanti Connect Secure 9.x / 22.x SSRF (CVE-2024-21893)

Binary data ivanticsCVE-2024-21893.nbin...

8.2 CVSS · 8.6 AI score · 0.99999 EPSS
Exploits 5 · References 2

Malwarebytes
added 2024/02/02 2:18 p.m. · 41 views

CISA: Disconnect vulnerable Ivanti products TODAY

In an emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...

6.5 CVSS · 7.3 AI score · 0.99999 EPSS
Exploits 26

CVE
added 2024/01/31 5:51 p.m. · 497 views

CVE-2024-21893

Technical details about CVE-2024-21893 are not provided in the connected documents. The initial description notes an SSRF vulnerability in Ivanti products, but there are no product/version specifics or remediation details here. Monitor for updates.

8.2 CVSS · 8.8 AI score · 0.99999 EPSS
In wild · Exploits 5 · References 2 · Affected Software 2

The Hacker News
added 2024/01/31 1:38 p.m. · 85 views

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the w...

9.1 CVSS · 9 AI score · 0.99999 EPSS
Exploits 26

ATTACKERKB
added 2024/01/31 12:0 a.m. · 217 views

CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. Recent assessments: ccondon-r7 at February 02, 2024...

9.1 CVSS · 8.3 AI score · 0.99999 EPSS
In wild · Exploits 26 · References 3

Circl
added 2024/01/10 8:21 p.m. · 12 views

CVE-2024-21893

creationtimestamp | type | source
---|---|---
2024-01-10 20:21:17+00:00 | seen | https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus2/2024
2024-01-11 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1197
2024-01-11 11:25:20+00:00 | seen | ...

8.2 CVSS · 7.3 AI score · 0.99999 EPSS
In wild · Exploits 5 · References 74