Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.| Volexity
CVE Modified by CVE 11/21/2024 3:29:20 AM| nvd.nist.gov
Modified Analysis by NIST 11/29/2024 10:21:57 AM| nvd.nist.gov