Exploitation of a recently disclosed XML external entity (XXE) vulnerability impacting Ivanti enterprise VPN and network access products has commenced.
- The XXE vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateway appliances allows unauthorized access to restricted resources.
- Patches for the vulnerability have been released for affected versions of the products.
- The vulnerability was introduced during an attempt to address a different vulnerability in the SAML component.
- Proof-of-concept (PoC) exploits for the vulnerability have been made public.
- Devices were observed being compromised shortly after the latest patches were installed and a factory reset was performed.
- Customers are advised to apply the patches regardless of previous installations.
- No evidence of malicious attacks exploiting the vulnerability has been found yet.