Welcome To 2024 - The SSLVPN Chaos Continues

tags:iotivantivpnauth_bypasscommand_injectionfirmwareenterprise_app original link: Welcome To 2024: The SSLVPN Chaos Continues newsletter link: exploits.club Weekly Newsletter 04

---

Exploits Club Summary:

It’s been a tough few days for Ivanti. After it was reported that two vulnerabilities were being used in the wild to achieve unauthenticated RCE against their Ivanti Connect Secure (ICS) VPN Appliance, watchtowr released this post detailing the vulnerabilities and exploitation. Following that, Synacktiv released a report detailing multiple additional vulnerabilities they had discovered in ICS. Yikes.