Dark Mode Light Mode

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow Us
Follow Us
Login Login

No fixes yet for Ivanti VPN zero-days exploited by state-backed hackers.

U.S. software company Ivanti disclosed that hackers are exploiting two critical-rated vulnerabilities in its widely used corporate VPN appliance, but updates won’t be available until the end of the month.

Ivanti Connect Secure included CVE-2023-46805 and CVE-2024-21887 vulnerabilities. This remote access VPN, formerly Pulse Connect Secure, lets mobile and distant users access company resources online.

Ivanti stated “less than 10 customers” had been affected by the “zero day” vulnerabilities, which it had no time to remedy before being exploited.

Advertisement

Volexity, a cybersecurity provider, observed unusual behavior on one of these customers’ networks in the second week of December. Volexity revealed that hackers chained the two Connect Secure vulnerabilities to execute unauthenticated remote code, enabling them to “steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance.”

Volexity has evidence that the customer’s VPN equipment may have been infiltrated as early as December 3 and attributed the assault to UTA0178, a China-backed hacking gang.

Security researcher Kevin Beaumont wrote on Mastodon that there would “likely be many more victims.” Ivanti, no stranger to zero days, maintains that only a few corporate clients are impacted. Beaumont called the two vulnerabilities “ConnectAround,” and a scan showed 15,000 compromised Ivanti devices accessible to the internet worldwide.

Ivanti claims remedies for the two vulnerabilities will be issued staggered from January 22 to mid-February. Ivanti refused to explain why fixes weren’t given promptly to Eltrys. Ivanti does not indicate whether these in-the-wild assaults have caused data exfiltration or who the threat actor is.

U.S. cybersecurity watchdog CISA has also advised Ivanti Connect Secure to address the two vulnerabilities immediately.

Volexity warns that these mitigations will not fix prior breaches.

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Add a comment Add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Hestiia wants crypto mining to heat your home.

Next Post

Airbnb or hotel? Overmoon integrates the best of both holiday rental models.

Advertisement