State-backed Hackers Are Exploiting New Ivanti VPN Zero-days — But No Patches Yet

Ivanti, maker of a widely used corporate VPN appliance, has warned that state-backed hackers are exploiting another zero-day vulnerability. The company has discovered two additional flaws affecting its Connect Secure VPN product, one of which is a zero-day described as a server-side bug.

Key Takeaway

Ivanti has identified new zero-day vulnerabilities affecting its Connect Secure VPN product, with state-backed hackers exploiting these flaws. The delayed release of patches raises concerns about the security of affected systems and the potential impact on organizations.

New Zero-Day Vulnerabilities Discovered

Ivanti has identified two new vulnerabilities, CVE-2024-21888 and CVE-2024-21893, affecting its Connect Secure VPN product. The former is a privilege escalation vulnerability, while the latter is a server-side bug that allows unauthorized access to restricted resources without authentication.

Targeted Exploitation and Potential Risks

Ivanti has observed targeted exploitation of the server-side bug, raising concerns about the security of previously mitigated systems. Germany’s Federal Office for Information Security has reported knowledge of multiple compromised systems, highlighting the potential risks associated with these vulnerabilities.

Attribution and Impact

Ivanti has not attributed these intrusions to a specific threat group. However, cybersecurity companies have linked the exploitation of the initial Connect Secure bugs to a China government-backed hacking group. The impact of these vulnerabilities is significant: at least 1,700 Ivanti Connect Secure appliances worldwide were exploited through the first round of flaws, affecting organizations in various industries.

Delayed Patch Release

Ivanti released a patch to protect against the previously disclosed Connect Secure vulnerabilities on the same day as the disclosure of the new zero-day. However, it is unclear whether the patch is available to all Ivanti Connect Secure users, as the company had initially planned to release the patch on a staggered basis.
