b2b-daily
Search
Close this search box.
Search
Close this search box.
Home | IT | Cyber Security

Ivanti Security Breach Escalates: Urgent Patching to Thwart SSRF Exploits

Avatar photo
by Paige Williams
February 8, 2024
Image Credit: Unsplash 
Ivanti Security Breach Escalates: Urgent Patching to Thwart SSRF Exploits

The security infrastructure of Ivanti is under significant strain due to a pair of critical vulnerabilities impacting its Connect Secure and Policy Secure solutions. The more severe of these is a server-side request forgery (SSRF) issue, cataloged as CVE-2024-21893, which boasts a high severity rating of 8.2. This vulnerability compromises the SAML service, potentially allowing malefactors to gain unauthorized entry into restricted network segments. The situation has grown increasingly dire since the emergence of a proof of concept (PoC) released by security experts at Rapid7. The PoC elucidates how attackers, by leveraging the SSRF in concert with another vulnerability referred to as CVE-2023-46805, can achieve unauthenticated remote code execution. The swift uptick in exploitation attempts post-release of the PoC underscores the urgency for organizations using Ivanti products to address these critical security issues promptly to safeguard their networks from potential breaches.

Ivanti’s Initial Response and Subsequent Exploits

In a scramble to defend against these incursions, Ivanti rolled out initial mitigation strategies. Unfortunately, adept cybercriminals quickly found ways to bypass these defenses. This prompted Ivanti to introduce a second set of countermeasures and commence patching procedures as of February 1, 2024. These exploits are not isolated incidents. Large-scale compromises have gained traction as attackers establish reverse shells and deploy custom web shells using the disclosed vulnerabilities. Security researcher Will Dormann’s analysis has contributed further to the concern by revealing the use of outdated components within Ivanti products, opening additional avenues for cyber-attacks.

Cybersecurity Authorities’ Warnings and Advisories

The gravity of the situation has not gone unnoticed by European cybersecurity authorities. Their issued warnings come as a loud siren call to organizations harboring Ivanti product instances. The authorities are emphasizing urgent action, pressing for the immediate application of Ivanti’s outlined mitigations. Firms like Google’s Mandiant and Palo Alto Networks’ Unit 42 have underlined the wide-ranging nature of the exploit, demonstrating how pervasive and accessible these vulnerabilities are to malicious entities. The consensus is unequivocal in the cybersecurity community: safeguarding against these exploits cannot wait. The message to organizations is to act swiftly to patch and secure their Ivanti products to neutralize the threat posed by ongoing exploitation of these vulnerabilities.

Digital TransformationInformation Security

Explore more

Wobcom Expands Data Center in Wolfsburg to Meet Demand
October 9, 2025

In an era where digital connectivity forms the backbone of both business and personal life, the escalating demand for robust data infrastructure has become a pressing challenge for many regions. Across Germany, companies are racing to bolster their capabilities to support everything from cloud computing to high-speed internet access. Amid this surge, a notable development has emerged in Wolfsburg, where

kkRAT: Sophisticated Trojan Targets Chinese Users’ Crypto
October 9, 2025

In an era where digital transactions are increasingly central to daily life, the emergence of highly advanced malware poses a severe threat to unsuspecting users, particularly those engaged in cryptocurrency activities. Cybersecurity researchers have recently uncovered a formidable Remote Access Trojan (RAT) named kkRAT, which specifically targets Chinese-speaking individuals. Distributed through deceptive phishing sites hosted on popular platforms, this malware

How Does ANY.RUN Sandbox Slash Security Response Times?
October 9, 2025

Purpose of This Guide This guide aims to help Security Operations Center (SOC) teams and cybersecurity professionals significantly reduce incident response times and enhance threat detection capabilities by leveraging ANY.RUN’s Interactive Sandbox. By following the detailed steps and insights provided, readers will learn how to integrate this powerful tool into their workflows to achieve faster investigations, lower Mean Time to

Trend Analysis: Browser Security Innovations
October 9, 2025

In an age where cyber threats loom larger than ever, imagine opening a browser to check the latest news, only to unknowingly expose sensitive data to a hidden exploit. With billions of users relying on browsers daily for work, communication, and entertainment, the stakes for security have never been higher. Browser security stands as a critical frontline defense against escalating

How Dangerous Is the Adobe Commerce SessionReaper Flaw?
October 9, 2025

Introduction Imagine running an e-commerce platform that processes thousands of transactions daily, only to discover a hidden vulnerability that could allow attackers to take over customer accounts with ease. This scenario is not just a hypothetical concern but a stark reality with the emergence of a critical security flaw in Adobe Commerce and Magento Open Source, known as SessionReaper (CVE-2025-54236).