Researchers say attackers are mass-exploiting new Ivanti VPN flaw
Reading Time: 2 minutesHackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows.
Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure, its remote access VPN solution used by thousands of corporations and large organizations worldwide. According to its website, Ivanti has more than 40,000 customers, including universities, healthcare organizations, and banks, whose technology allows their employees to log in from outside the office.
The disclosure came not long after Ivanti confirmed two earlier bugs in Connect Secure, tracked as CVE-2023-46805 and CVE-2024-21887, which security researchers said China-backed hackers had been exploiting since December to break into customer networks and steal information.
Now data shows that one of the newly discovered flaws — CVE-2024-21893, a server-side request forgery flaw — is being mass exploited.
Although Ivanti has since patched the vulnerabilities, security researchers expect more impact on organizations to come as more hacking groups are exploiting the flaw. Steven Adair, founder of cybersecurity company Volexity, a security company that has been tracking exploitation of the Ivanti vulnerabilities, warned that now that proof-of-concept exploit code is public, ‘any unpatched devices accessible over the Internet have likely been compromised several times over.’
That’s a sharp increase compared to last week when Shadowserver said it had observed 170 unique IPs attempting to exploit the vulnerability.
An analysis of the new server-side flaw shows the bug can be exploited to bypass Ivanti’s original mitigation for the initial exploit chain involving the first two vulnerabilities, effectively rendering those pre-patch mitigations moot.
Kijewski added that Shadowserver is currently observing around 20,800 Ivanti Connect Secure devices exposed to the internet, down from 22,500 last week, though he noted that it isn’t known how many of these Ivanti devices are vulnerable to exploitation.
It’s not clear who is behind the mass exploitation, but security researchers attributed the exploitation of the first two Connect Secure bugs to a China government–backed hacking group likely motivated by espionage.
Ivanti began releasing patches to customers for all of the vulnerabilities alongside a second set of mitigations earlier this month. However, Ivanti notes in its security advisory — last updated on February 2 — that it is ‘releasing patches for the highest number of installs first and then continuing in declining order.’
It’s not known when Ivanti will make the patches available to all of its potentially vulnerable customers.
Reports of another Ivanti flaw being mass-exploited come days after the U.S. cybersecurity agency CISA ordered federal agencies to urgently disconnect all Ivanti VPN appliances. The agency’s warning saw CISA give agencies just two days to disconnect appliances, citing the ‘serious threat’ posed by the vulnerabilities under active attack.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG