{"uuid": "5be3ae0a-98f5-44d3-b9c4-50df9156622c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21887", "type": "seen", "source": "https://t.me/kasraone_com/644", "content": "\ud83d\udd34 CISA\n \u062f\u0633\u062a\u0648\u0631\u0627\u0644\u0639\u0645\u0644 \u0627\u0636\u0637\u0631\u0627\u0631\u06cc \u0631\u0627 \u0628\u0647 \u0622\u0698\u0627\u0646\u0633 \u0647\u0627\u06cc \u0641\u062f\u0631\u0627\u0644 \u062f\u0631 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0647\u0627\u06cc Ivanti Zero-Day \u0635\u0627\u062f\u0631 \u0645\u06cc \u06a9\u0646\u062f\n\n\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.\n\n\nThe development arrives as the vulnerabilities \u2013 an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) \u2013 have come under widespread exploitation by multiple threat actors. The flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.\n\n\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u2661 \u2800\u2800 \u3007\u2800\u00a0 \u2800 \u2399\u2800\u200c \u200c \u2332\u2063 \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u02e1\u2071\u1d4f\u1d49\u00a0 \u1d9c\u1d52\u1d50\u1d50\u1d49\u207f\u1d57\u00a0 \u02e2\u1d43\u1d5b\u1d49\u00a0 \u02e2\u02b0\u1d43\u02b3\u1d49\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 K1\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kasraone", "creation_timestamp": "2024-01-24T08:44:16.000000Z"}