Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request forgery (SSRF) vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure and Neurons for ZTA – in late January, when it issued patches for affected devices. At the same time, the company also fixed CVE-2024-21888, … More
The post Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) appeared first on Help Net Security.