Source |
The Hacker News |
Identifiant |
8447188 |
Date de publication |
2024-02-06 12:28:00 (vue: 2024-02-06 09:07:36) |
Titre |
Récent défaut SSRF dans les produits VPN Ivanti subit une exploitation de masse Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation |
Texte |
Une vulnérabilité de demande de demande de serveur (SSRF) récemment divulguée (SSRF) impactant Ivanti Connect Secure and Policy Secure Products est en cours d'exploitation de masse.
La Fondation ShadowServer & NBSP; Said & NBSP; il a observé des tentatives d'exploitation provenant de plus de 170 adresses IP uniques qui visent à établir un shell inversé, entre autres.
Les attaques exploitent & nbsp; CVE-2024-21893 & nbsp; (CVSS
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation.
The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others.
The attacks exploit CVE-2024-21893 (CVSS |
Envoyé |
Oui |
Condensat |
170 2024 21893 addresses aim among attacks attempts come connect cvss disclosed establish exploit cve exploitation flaw forgery foundation said it from has impacting ivanti mass more observed originating others policy products recent recently request reverse secure server shadowserver shell side ssrf than under undergoes unique vpn vulnerability |
Tags |
Vulnerability
|
Stories |
|
Notes |
★★★
|
Move |
|