Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN [Thursday, January 11, 2024]

Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN - Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base ar
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN [Thursday, January 11, 2024]
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Report

Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN

Description :
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.

Published Created Modified
2024-01-11 09:47:43 2024-01-11 09:47:43 2024-01-11 09:53:44

Tags

Indicators

IPv4s :
  • 47.207.9.89
  • 71.127.149.194
  • 75.145.224.109
  • 98.160.48.170
  • 50.243.177.161
  • 206.189.208.156
  • 64.24.179.210
  • 73.128.178.221
  • 50.215.39.49
  • 75.145.243.85
  • 50.213.208.89
  • 173.220.106.166
  • 173.53.43.7
Domains :
  • sessionserver.sh
  • sessionserver.pl
  • dslogconfig.pm
  • webb-institute.com
  • gpoaccess.com
  • symantke.com
MITRE ATT&CK Techniques :

External References

You can download the txt file containing the indicators by clicking on the button below:

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.