Zero-day vulnerability in Ivanti software
released on 2024-02-14 @ 09:42:59 AM
Several actively exploited 0-day vulnerabilities were discovered in Ivanti products, including Ivanti Connect Secure and Ivanti Policy Secure. The vulnerabilities allow unauthenticated remote code execution and have been exploited by threat actors to install webshells and steal credentials. Ivanti has released patches and mitigations to address the issues. Organizations using vulnerable Ivanti products are advised to apply patches or mitigations as soon as possible and investigate for signs of compromise.