Search cyberveille.decio.ch

Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation

Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024. On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network.

#Mandiant #EN #2025 #CVE-2025-0282 #CVE-2025-0283 #IoC #exploitation #analysis #postexploitation #Ivanti

·cloud.google.com·Jan 9, 2025

Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation

Ivanti Connect Secure VPN Exploitation Goes Global

On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by multiple organizations that saw signs of compromise by way of mismatched file detections. Volexity has been actively working multiple new cases of organizations with compromised ICS VPN appliances.

#volexity #EN #2024 #CVE-2024-21887 #CVE-2023-46805 #Ivanti #Connect #Secure #Exploitation #mass-exploitation

·volexity.com·Jan 16, 2024

Ivanti Connect Secure VPN Exploitation Goes Global