Ivanti patches two zero-days under attack, but finds another
Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance.
Since early December, Chinese state-backed hackers have been exploiting Ivanti Connect Secure’s flaws — tracked as CVE-2023-46805 and CVE-2024-21887 — to break into customer networks and steal information.
Ivanti is now warning that it has discovered two additional flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting its Connect Secure VPN product. The former is described as a privilege escalation vulnerability, while the latter — known as a zero-day because Ivanti had no time to fix the bug before hackers began exploiting it — is a server-side bug that allows an attacker access to certain restricted resources without authentication.
In its updated disclosure, Ivanti said it has observed ‘targeted’ exploitation of the server-side bug. Germany’s Federal Office for Information Security, known as the BSI, said in a translated advisory on Wednesday that it has knowledge of ‘multiple compromised systems.’
The BSI added that the newly discovered vulnerabilities, particularly the server-side bug, ‘put all previously mitigated systems at risk again.’ Ivanti confirmed it expects ‘a sharp increase in exploitation’ once specifics of the vulnerability are made public.
Ivanti has not attributed these intrusions to a particular threat group. Cybersecurity companies Volexity and Mandiant previously attributed the exploitation of the initial round of Connect Secure bugs to a China government-backed hacking group motivated by espionage. Volexity also said it had observed additional hacking groups actively exploiting the bugs.
Volexity said earlier this month that at least 1,700 Ivanti Connect Secure appliances worldwide had been exploited through the first round of flaws, affecting organizations in the aerospace, banking, defense, government and telecommunications industries, though the number was likely to be far higher.
This is particularly true in light of a CISA advisory released on Tuesday, which warned that attackers had bypassed workarounds for current mitigations and detection methods.
It’s unclear whether the patch is available to all Ivanti Connect Secure users, as the company previously said that it planned to release the patch on a ‘staggered’ basis starting January 22. Ivanti is now advising that customers ‘factory reset their appliance before applying the patch to prevent the threat actor from gaining upgrade persistence in your environment.’