A pair of vulnerabilities in Ivanti Connect Secure and Policy Secure are being actively exploited. There are currently no fixes available for the authentication bypass and command injection vulnerabilities. Ivanti expects to have fixes for the vulnerabilities available by January 22 and February 19, respectively. Users are advised to take steps to mitigate the issues until patches are available. More https://arstechnica.com/security/2024/01/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks/
