Two Zero-Day Flaws Found in Ivanti Connect Secure and Policy Secure
Threat Level – Red | Vulnerability Report
Download PDFThe active exploitation of zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure and Ivanti Policy Secure gateways presents a serious threat, allowing unauthorized remote code execution. The actor, recognized as the Chinese nation-state-level entity UTA0178, employed these exploits for system compromise, underscoring the urgency for affected organizations to promptly apply mitigations, conduct comprehensive post-compromise analyses, and implement forthcoming patches.
Threat Level – Red | Vulnerability Report
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox