CVE-2024-21888

Vulnerability updated a month ago (2024-11-29T14:48:12.057Z)

Download STIX

Preview STIX

CVE-2024-21888 is a software vulnerability identified in Ivanti Connect Secure and Ivanti Policy Secure's Web component. This flaw, which presents as a privilege escalation vulnerability, was discovered during the rollout of updates for other vulnerabilities. Despite its potential severity, there have been no observed instances of this vulnerability being exploited in the wild at the time of disclosure. This vulnerability was disclosed alongside two others, CVE-2024-21893 and CVE-2024-21887, both of which had already seen active exploitation. CVE-2024-21893, a server-side request forgery flaw, has been used in targeted zero-day attacks. The news about these vulnerabilities followed closely on the heels of an Ivanti update that included fixes for these bugs, indicating a high level of threat activity associated with Ivanti products. In response to these findings, Ivanti began releasing patches for all the mentioned vulnerabilities, including CVE-2024-21888. Additionally, they provided a second mitigation aimed at enhancing resilience against attacks that chain CVE-2024-21893 with CVE-2024-21887 to compromise Ivanti devices. Organizations using Ivanti products are advised to apply these patches and mitigations promptly to reduce their risk exposure.

Description last updated: 2024-03-14T17:20:12.318Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ivanti

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2024-21893 Vulnerability is associated with CVE-2024-21888. CVE-2024-21893 is a server-side request forgery (SSRF) vulnerability, a flaw in software design or implementation within Ivanti's products. This particular vulnerability has been exploited in targeted attacks as a zero-day, which means it was used by attackers before the vendor became aware of and p	Unspecified	2

Source Document References

Information about the CVE-2024-21888 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	10 months ago	Ivanti follows CISA warning with new protection tool
DARKReading	9 months ago	Ivanti Keeps Security Teams Scrambling With 2 More Vulns
CERT-EU	10 months ago	Cyber Security Week in Review: March 15, 2024
CERT-EU	10 months ago	Magnet Goblin Uses 1-Day Exploits to Drop Custom Malware on Linux, Windows
CERT-EU	10 months ago	US cybersecurity agency takes systems offline after Ivanti compromise
CERT-EU	10 months ago	Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware
CERT-EU	10 months ago	Magnet Goblin exploits Ivanti, Magento, Qlink Sense flaws to drop malware
Securityaffairs	10 months ago	Magnet Goblin group used a new Linux variant of NerbianRAT malware - Security Affairs
Checkpoint	10 months ago	Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research
CERT-EU	10 months ago	Cyber Security Week in Review: March 1, 2024
CERT-EU	10 months ago	CISA, Mandiant Warn of a Worsening Situation for Ivanti Users
Securityaffairs	10 months ago	Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws
CISA	10 months ago	Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways \| CISA
InfoSecurity-magazine	a year ago	New Ivanti Vulnerability Observed as Widespread Security Concerns Grow
DARKReading	a year ago	Ivanti Gets Poor Marks for Cyber Incident Response
Malwarebytes	a year ago	Ivanti urges customers to patch yet another critical vulnerability \| Malwarebytes
InfoSecurity-magazine	a year ago	Latest Ivanti Zero Day Exploited By Scores of IPs
Securityaffairs	a year ago	Experts warn of a surge of attacks targeting Ivanti SSRF flaw
Checkpoint	a year ago	5th February – Threat Intelligence Report - Check Point Research
Malwarebytes	a year ago	CISA: Disconnect vulnerable Ivanti products TODAY \| Malwarebytes