Cyber Siege: Ivanti’s New Zero-Day Woes Threaten Corporate VPN Security Again!

Ivanti’s VPN is like an all-you-can-eat buffet for hackers—now with two fresh zero-day vulnerabilities on the menu. Brace for a cyber-feeding frenzy!

Hot Take:

Just when you thought your virtual private nightmares were over, Ivanti swoops in with a “Hold my beer” moment revealing not one, but two new vulnerabilities in its VPN appliance. Hackers are already on a stealing spree, and Ivanti’s like the DJ that’s just dropped the beat for the cybercrime dance-off. Get ready for some patching action, folks, because it’s déjà vu with a side of data breach!

Key Points:

  • Ivanti’s Connect Secure VPN appliance is playing whack-a-mole with hackers exploiting new zero-day vulnerabilities, CVE-2024-21888 and CVE-2024-21893.
  • Chinese state-backed cyber bandits have been party crashing since December, leveraging old flaws, and now they’ve got fresh moves.
  • Germany’s BSI has spotted “multiple compromised systems,” suggesting this cyber shindig is more rave than exclusive soiree.
  • Ivanti patched old vulnerabilities and promises these updates will guard against the new ones too (fingers crossed).
  • Customers are advised to factory reset their appliances before applying the patch, because everyone loves IT spring cleaning.

CVE ID: CVE-2024-21887
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/12/2024
Description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE ID: CVE-2023-46805
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/12/2024
Description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE ID: CVE-2024-21888
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/31/2024
Description: A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

CVE ID: CVE-2024-21893
State: PUBLISHED
Assigner (short name): hackerone
Date updated: 01/31/2024
Description: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Need to know more?

The Never-Ending Game of Cyber Tag

Just like that one relative who always overstays their welcome during the holidays, hackers have been exploiting Ivanti's Connect Secure VPN flaws since December. The two new vulnerabilities, dubbed CVE-2024-21888 and CVE-2024-21893, are the party favors nobody asked for. Ivanti's playing catch-up, issuing warnings, and probably chugging coffee as they scramble to patch things up.

It's a Hacker's World, We're Just Living In It

The BSI's "compromised systems" comment is the cybersecurity equivalent of spotting UFOs — it's out there, and it's freaky. Meanwhile, Ivanti's playing coy, not naming names, but we all know who's waltzing in their security ballroom: espionage-loving Chinese state-backed hackers, according to Volexity and Mandiant.

Patch Me If You Can

Here's the twist: Ivanti did patch the old vulnerabilities but also had to whisper, "P.S. We have new ones." The patch is like a Swiss Army knife, supposedly defending against the fresh vulnerabilities too. As for the patch release strategy? It's staggered, which in cybersecurity speak means "Let's hope the hackers don't have a calendar."

Factory Reset: The IT Equivalent of a Juice Cleanse

Lastly, if you're using Ivanti's Connect Secure, it's time for a digital detox. Ivanti recommends a factory reset before patching up. It's like prepping for a new diet by throwing out all the junk food — except the junk food is a sophisticated hacker potentially lurking in your VPN appliance.

So, grab your IT toolkit and get ready for some serious patching. It's the cybersecurity version of whack-a-mole, and the moles are wearing hacker hoodies. Let the games begin!

Tags: Connect Secure VPN, CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893, patch management, Zero-day exploitation