Zero-day in Ivanti VPN actively exploited

Two critical zero-day vulnerabilities have been discovered in Ivanti Connect Secure. Organizations using it need to act as quickly as possible.

Unknown hackers are actively exploiting two critical zero-day vulnerabilities. The flaws allow them to bypass two-factor authentication (2FA) and run malicious code on Connect Secure, a commonly used Ivanti networking device. This isn’t the first time Ivanti has had to deal with this.

CVE-2023-846805 and CVE-2024-21887

Ivanti Connect Secure customers should take immediate action and follow the mitigation guidelines. The vulnerabilities are tracked as CVE-2023-846805 and CVE-2024-21887 and affect Ivanti Connect Secure, a widely used VPN device formerly known as Pulse Secure. This is not the first time the company has had to deal with widely exploited zero-days.

Researchers from security firm Volexity wrote that these two vulnerabilities combined make it trivial to execute commands on the system. As with other VPNs, the device is meant to allow only authorized devices to connect remotely. This “always on” state makes it an ideal target once vulnerabilities in its code are discovered.

So far, the zero-days appear to have been exploited only on a small scale, but there is a good chance that this could change, concludes Steven Adair, CEO of Volexity.

2024-01-11 10:21:30