ivanti News Articles
Recent news articles refferecing the vendors vulnerabilities.
Ivanti’s bug-plagued network appliances attacked using fresh exploit
Multiple threat actors have begun exploiting one of four recently discovered flaws afflicting the vendor’s VPN and network gateway products.
4 days ago
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Ivanti releases patches for critical flaws in CSA and Connect Secure, addressing privilege escalation and code execution risks.
2 weeks ago
3 More Ivanti Cloud Vulns Exploited in the Wild
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).
2 months ago
Ivanti zero-day vulnerabilities exploited in chained attack | TechT...
A limited number of Ivanti Cloud Service Application customers have been attacked in exploit chains containing zero-day vulnerabilities.
2 months ago
Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks
Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs
2 months ago
Ivanti warns critical flaws in Endpoint Manager exploited in the wild
Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).
2 months ago
Three new Ivanti CSA zero-day actively exploited in attacks
Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks.
2 months ago
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Ivanti warns of active exploitation of three new CSA vulnerabilities, enabling hackers to bypass security measures.
2 months ago
Ivanti, Critical Security Vulnerability CVE-2024-29824 SQL Injection - ZAM
On October 2, 2024, CISA issued an advisory regarding active exploitation of CVE-2024-29824, affecting Ivanti Endpoint Manager.
3 months ago
Critical Ivanti Vulnerability CVE-2024-29824 Under Attack
CISA warns of active exploitation of an Ivanti vulnerability, CVE-2024-29824. Patching required by October 23, 2024, to protect systems.
3 months ago
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers.
3 months ago
Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog.
3 months ago
Ivanti Endpoint Manager Vulnerability Public Exploit is Now Used in Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing threat landscape faced by federal and private entities alike.
3 months ago
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
Critical Ivanti Endpoint Manager flaw CVE-2024-29824 actively exploited. CISA urges immediate updates to secure networks
3 months ago
Ivanti EPM Vulnerability Exploited in the Wild
An Ivanti EPM SQL injection vulnerability tracked as CVE-2024-29824 has been exploited to target some of the company’s customers.
3 months ago
Critical Ivanti RCE flaw with public exploit now used in attacks
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
3 months ago
More Ivanti vulnerabilities exploited in the wild | TechTarget
Three Ivanti vulnerabilities have been exploited in the wild this month, though details about the attacks are scarce.
3 months ago
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) - Help Net Security
CVE-2024-7593, a critical auth bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited.
3 months ago
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
CISA adds Ivanti vTM flaw CVE-2024-7593 to Known Exploited Vulnerabilities list, urging swift remediation.
3 months ago
Ivanti's Cloud Service Attacked via Second Vuln
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
3 months ago
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, CVE-2024-8963, has been exploited.
3 months ago
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) - Help Net Security
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation.
3 months ago
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices.
3 months ago
CISA warns of hackers exploiting bug for end-of-life Ivanti product
Ivanti's Cloud Service Appliance has a "high severity vulnerability" being exploited in the wild.
3 months ago
Newly patched Ivanti CSA flaw under active exploitation
The Cloud Service Appliance command injection vulnerability — patched as part of the final update for end-of-life CSA version 4.6 — has been attacked in the wild, Ivanti confirms.
3 months ago
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) - Help Net Security
Ivanti has fixed a slew of vulnerabilities in Endpoint Manager, including a maximum severity one RCE flaw (CVE-2024-29847).
3 months ago
Ivanti Warns Users to Patch Authentication Bypass Vulnerability
The vulnerability is due to an incorrect implementation of an authentication algorithm. Ivanti has urged users to patch a critical authentication bypass vulnerability.The flaw - tracked as...
4 months ago
Ivanti Virtual Traffic Manager Flaw Let Hackers Create Rogue Admin Accounts
Ivanti Virtual Traffic Manager has been discovered with a critical vulnerability that was associated with an authentication bypass.
4 months ago
Critical Ivanti vTM Bug Allows Unauthorized Admin Access
The CVSS 9.8 authentication bypass in Ivanti's traffic manager admin panel already has a proof-of-concept exploit (PoC) lurking in the wild.
4 months ago
Ivanti warns of critical vTM auth bypass with public exploit
Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts.
4 months ago
Ivanti EPM - Remote Code Execution (CVE-2024-29824)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code..
5 months ago
Numerous Ivanti VPN gateways impacted by RCE vulnerability
BleepingComputer reports that attacks leveraging a recently patched high-severity heap overflow vulnerability, tracked as CVE-2024-21894, could impact nearly 16,500 internet-exposed Ivanti Connect Secure and Poly Secure VPN gateways.
6 months ago
Vulnerability Recap 6/18/24: Patch Tuesday, Ivanti, Pixel
Microsoft Patch Tuesday identifies and fixes more than 50 vulnerabilities, plus Ivanti Endpoint Manager runs into yet another RCE bug.
6 months ago
PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager
A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager.
6 months ago
Ivanti EPM SQL Injection Flaw Let Attackers Execute Remote Code
In May 24, 2024, Zero-Day Initiative released a security advisory for Ivanti EPM which was associated with SQL injection Remote code
6 months ago
Ivanti herstelt kritieke fouten bij de uitvoering van externe code in Endpoint Manager
Ivanti heeft dinsdag oplossingen uitgerold om meerdere kritieke beveiligingsfouten in Endpoint Manager (EPM) aan te pakken, die onder bepaalde omstandigheden kunnen worden misbruikt om code op afstand uit te voeren. Zes van de tien kwetsbaarheden – van CVE-2024-29822 tot en ... Lees verder
7 months ago
watchTowr Labs - Blog
The epicentre of offensive security expertise and research at watchTowr - watchTowr Labs.
7 months ago
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
Ivanti Connect Secure (ICS) devices are under attack! Two critical vulnerabilities are being exploited to deploy the notorious Mirai botnet.
7 months ago
Security Bulletin: Critical Vulnerabilities in Ivanti Avalanche (CVE-2024-29204, CVE-2024-24996) | Manchester Digital
Summary of Bulletin:On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204
8 months ago
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) - Help Net Security
The newest version of Ivanti Avalanche carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical.
8 months ago
TIM Red Team Research scopre un Bug di CSV Injection su Ericsson Network Manager (ENM)
Il laboratorio di ricerca sui bug di TIM il Red Team Research, rileva un bug sul prodotto Ericsson Network Manager (ENM) ed Ericsson emette un bollettino.
8 months ago
+16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw.
9 months ago
New Ivanti RCE flaw may impact 16,000 exposed VPN gateways
Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week.
9 months ago
Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation
On Jan. 12, 2024, Mandiant published a blog post detailing two high-impact zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affecting Ivanti Connect Secure VPN (CS, formerly Pulse Secure) and...
9 months ago
Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code
Ivanti Connect Secure and Policy Secure Gateways has been discovered with four new vulnerabilities which were associated with Heap overflow,
9 months ago
Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities
Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities
9 months ago
Ivanti patches bugs in Connect Secure and Policy Secure gateways
IT security software company Ivanti has released security patches to fix four critical vulnerabilities affecting its Connect Secure and Policy Secure gateways.
9 months ago
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).
9 months ago
WARNING: IVANTI RELEASES SECURITY UPDATES TO ADDRESS VULNERABILITIES IMPACTING IVANTI CONNECT SECURE AND IVANTI POLICY SECURE GATEWAYS, PATCH IMMEDIATELY!
Three of the disclosed vulnerabilities (CVE-2024-21894, CVE-2024-22052 and CVE-2024-22052) are related memory mismanagement within the IPsec component of Iva
9 months ago
WARNING: IVANTI RELEASES SECURITY UPDATES TO ADDRESS VULNERABILITIES IMPACTING IVANTI CONNECT SECURE AND IVANTI POLICY SECURE GATEWAYS, PATCH IMMEDIATELY!
Three of the disclosed vulnerabilities (CVE-2024-21894, CVE-2024-22052 and CVE-2024-22052) are related memory mismanagement within the IPsec component of Iva
9 months ago