
State-backed Hackers Exploiting New Ivanti VPN Zero-day Vulnerabilities


U.S. software company Ivanti has confirmed that hackers are actively exploiting two critical vulnerabilities affecting its widely-used corporate VPN appliance. The company has acknowledged that patches to address these vulnerabilities will not be available until the end of the month.

Key Takeaway

State-backed hackers are actively exploiting critical vulnerabilities in Ivanti’s widely-used corporate VPN appliance, with patches to address these vulnerabilities not expected until the end of the month. Organizations using Ivanti Connect Secure are advised to prioritize the implementation of mitigation guidance to protect against potential exploitation.

Ivanti Connect Secure Vulnerabilities

The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been found in Ivanti’s Connect Secure software, previously known as Pulse Connect Secure. This software serves as a remote access VPN solution, allowing remote and mobile users to access corporate resources over the internet.

Extent of Impact

Although Ivanti has indicated that “less than 10 customers” have been affected by these “zero day” vulnerabilities, cybersecurity company Volexity has reported detecting suspicious activity on a customer’s network in the second week of December. The company found evidence that hackers had chained the two vulnerabilities to achieve unauthenticated remote code execution on the appliance, giving them a foothold from which to carry out further malicious activity.

Security researcher Kevin Beaumont has suggested that there could be numerous other victims, as a scan revealed approximately 15,000 affected Ivanti appliances exposed to the internet globally.

Response and Mitigation

Ivanti has announced that patches for the vulnerabilities will be released on a staggered basis, beginning the week of January 22 and continuing through mid-February. The company has not provided a specific reason for the delayed availability of patches. Additionally, Ivanti has not disclosed whether any data exfiltration has occurred as a result of these attacks or attributed them to any specific threat actor.

Organizations potentially impacted by these vulnerabilities are urged to prioritize Ivanti’s mitigation guidance; the U.S. cybersecurity agency CISA has also issued an advisory calling for immediate mitigation of the vulnerabilities in Ivanti Connect Secure. However, as Volexity has highlighted, applying these mitigations blocks future exploitation but does not undo a compromise that has already taken place, so affected organizations should also investigate their appliances for signs of prior intrusion.
