Communiqué

Active Ivanti vulnerabilities exploited in Luxembourg (in English only)

The CSSF has been made aware of recent severe security vulnerabilities, CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, which are actively exploited in Luxembourg. As mentioned on the national cybersecurity portal: “Successful exploitation of the vulnerabilities in these affected products enables a cyber threat actor to seize control of the impacted system, achieve unauthenticated remote code execution, elevate their privileges to that of an administrator, gain access to certain restricted resources without authentication and exfiltrate data”.

CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL: https://circl.lu/pub/tr-78/.

The CSSF strongly recommends that all supervised entities concerned take due note of this report and take action as appropriate.