Summary
Ivanti has announced that their Connect Secure-vpn is again vulnerable for 2 new vulnerabilities. 1 privilege escalation and 1 server side request forgery.
CVE-2024-21888 CVSS 3.1, 6.5 (Medium) a privilege escalation bug which Ivanti claims “We have no evidence of customers being impacted by CVE-2024-21888 at this time”
CVE-2024-21893 CVSS 8.2 (High): a server side request forgery which Ivanti confirms that this last one is being used actively in the wild. The SAML component allows a access to restricted resources without any authentication
Security recommendations
Ivanti released a file to mitigate the new released CVEs on 31/1. The previous patches to mitigate the earlier CVEs is not required, it will show that it has been applied after using the new XML file.
More information can be found here.
A post surrounding previous CVEs can be found here.