In the ever-evolving landscape of cybersecurity, a new threat has emerged. Ivanti, a widely used enterprise VPN appliance, has been hit by a third vulnerability, which is now being mass exploited. This alarming development follows Ivanti’s recent discovery of two new security flaws affecting Connect Secure, its remote access VPN solution.
Connect Secure is used by thousands of corporations and large organizations worldwide, including universities, healthcare organizations, and banks. This technology enables employees to log in from outside the office, making it a critical component of many organizations’ operations. With over 40,000 customers, the impact of these vulnerabilities could be far-reaching.
The newly discovered flaw, tracked as CVE-2024-21893, is a server-side request forgery flaw. Despite Ivanti’s efforts to patch the vulnerabilities, cybersecurity experts anticipate a greater impact on organizations as more hacking groups exploit the flaw. The situation is further exacerbated by the fact that proof-of-concept exploit code is now public, meaning any unpatched devices accessible over the Internet have likely been compromised multiple times.
The Shadowserver Foundation, a nonprofit organization that scans and monitors the internet for exploitation, has observed a sharp increase in unique IPs attempting to exploit the server-side flaw. This increase, coupled with the fact that around 20,800 Ivanti Connect Secure devices are exposed to the internet, underscores the severity of the situation.
While it’s unclear who is behind the mass exploitation, the exploitation of the first two Connect Secure bugs has been attributed to a China government-backed hacking group likely motivated by espionage. Ivanti has acknowledged ‘targeted’ exploitation of the server-side bug aimed at a ‘limited number of customers’ but has not commented on reports of mass exploitation.
Ivanti has begun releasing patches to customers for all of the vulnerabilities and a second set of mitigations. However, it’s not known when Ivanti will make the patches available to all of its potentially vulnerable customers. This situation serves as a stark reminder of the importance of robust cybersecurity measures and the need for businesses to stay vigilant and proactive in protecting their digital assets.
For more details, you can read the full report on TechCrunch.


