A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
https://securelist.com/vulnerability-report-q1-2024/112554/
https://securityaffairs.com/158440/apt/malware-ivanti-vpn-flaws-attacks.html?web_view=true
https://securityaffairs.com/158440/apt/malware-ivanti-vpn-flaws-attacks.html
https://therecord.media/ivanti-warns-of-two-bugs-as-cisa-issues-alert-about-hackers?&web_view=true
https://www.theregister.com/2024/01/31/ivanti_patches_zero_days/