"Newest Ivanti SSRF Zero-Day Now Under Mass Exploitation"

Multiple attackers are currently exploiting a Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Ivanti Policy Secure, tracked as CVE-2024-21893. On January 31, 2024, Ivanti first warned about the flaw in the gateway's Security Assertion Markup Language (SAML) components, assigning it a zero-day status for limited active exploitation and affecting a small number of customers. Exploiting the flaw enabled attackers to bypass authentication and gain access to restricted resources on vulnerable devices. Shadowserver researchers now see multiple attackers attempting to exploit the SSRF bug from 170 IP addresses. This article continues to discuss the mass exploitation of the Ivanti Connect Secure and Ivanti Policy Secure SSRF vulnerability. 

Bleeping Computer reports "Newest Ivanti SSRF Zero-Day Now Under Mass Exploitation"

Submitted by grigby1