"CISA, US and International Partners Warn of Ongoing Exploitation of Multiple Ivanti Vulnerabilities"
The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners have released a Cybersecurity Advisory (CSA) in response to the exploitation of multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. According to the organizations and industry partners, these vulnerabilities have been targeted by various cyber threat actors. The flaws can be used in a chain of exploits to evade authentication, make malicious requests, and run arbitrary commands with elevated privileges. They could result in lateral movement, data exfiltration, web shell deployment, credential theft, and persistent access to a target network. This article continues to discuss the CSA on the ongoing exploitation of multiple Ivanti vulnerabilities.
Submitted by grigby1