Double Trouble: Ivanti Tackles Wild Zero-Day Duo with Urgent Mitigation Moves

Duck for cover, tech world! Ivanti's latest soap opera features two zero-days in Connect Secure and Policy Secure, already flexing their hacker muscles in the wild. One bypasses authentication, the other injects commands, and chained together they hand an unauthenticated attacker command execution on the gateway. It's like giving burglars the keys and the alarm code. Patches are pending, so stay tuned!

Hot Take:

Well, it seems Ivanti is handing out zero-days like they're going out of style! With not one, but two freshly baked vulnerabilities, attackers are having a field day bypassing authentication and injecting commands like they're playing a game of "Simon Says" with corporate VPN gateways. It's like a buffet of exploits, and the hackers have VIP tickets. Let's buckle up and dive into this cybersecurity soap opera, shall we?

Key Points:

  • Two zero-days in Ivanti's Connect Secure and Policy Secure gateways are being exploited in the wild. It's showtime for attackers!
  • The first zero-day is a sly authentication bypass, while the second is a crafty command injection that normally needs an admin session. Chained together, the bypass supplies the session and the injection supplies the shell, making them the Bonnie and Clyde of the cyber realm.
  • Patches are en route but aren't ready yet, leaving Ivanti to play the role of a digital firefighter with an interim mitigation customers have to apply themselves.
  • Fewer than ten customers confirmed affected so far, but with over 15,000 gateways exposed online, it's a bit like saying only a few people got wet on the Titanic.
  • Security experts and threat intelligence firms are on the case, with Volexity pointing fingers at a suspected Chinese state-backed actor. The plot thickens!

Need to know more?

Zero-Day Double Trouble

Here's the tea: Ivanti's got a duo of zero-day vulnerabilities that have rolled out the red carpet for attackers. The first one, CVE-2023-46805, is an authentication bypass in the web component of Connect Secure and Policy Secure that lets uninvited guests sneak past the bouncer. The second, CVE-2024-21887, is a command injection vulnerability that lets an authenticated administrator party like a rockstar by running arbitrary commands on the appliance. Chain them together and the bouncer is gone too: an attacker on the internet gets command execution without a single credential, which is exactly the recipe for the full-blown cyber rave now being observed in the wild.
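To make the chaining point concrete, here is a toy gateway in Python. This is an added illustration, not code from the original post and not Ivanti's code, and it is not a description of how the two real CVEs work internally. The routes, the `/public/` auth exemption, the `host` parameter, the diagnostic endpoint and the attack request are all constructed for the demo. It shows the two bug classes side by side with their hardened forms: an auth check made on the raw path while routing happens on the normalized path (the bypass), and an admin command built by string concatenation with `shell=True` (the injection), versus normalizing before the auth decision and passing validated input as a single argv element.

```python
"""Toy model of an auth-bypass + command-injection chain (hypothetical gateway)."""
import posixpath
import re
import subprocess


class Request:
    """Constructed stand-in for an HTTP request: path, query params, session state."""

    def __init__(self, path, params=None, authenticated=False):
        self.path = path
        self.params = params or {}
        self.authenticated = authenticated


# --- Vulnerable gateway (hypothetical; not Ivanti's code) -------------------

def vulnerable_diag(host):
    """Admin-only diagnostic that builds a shell command by string concatenation.
    A ';' in host ends the intended command and starts an attacker-chosen one."""
    proc = subprocess.run("echo resolving " + host, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def vulnerable_dispatch(req):
    """Auth exemption is decided on the raw path, but the route is resolved on the
    normalized path, so '/public/../admin/diag' is both exempt and admin-only."""
    if not req.path.startswith("/public/") and not req.authenticated:
        return 401, "login required"
    route = posixpath.normpath(req.path)
    if route == "/admin/diag":
        return 200, vulnerable_diag(req.params.get("host", ""))
    if route.startswith("/public/"):
        return 200, "welcome"
    return 404, "not found"


# --- Hardened gateway -------------------------------------------------------

HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")   # hostname / IPv4 characters only


def hardened_diag(host):
    """Validate the input, then pass it as one argv element: no shell parses it."""
    if not HOST_RE.match(host):
        raise ValueError("invalid host")
    proc = subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True)
    return proc.stdout


def hardened_dispatch(req):
    """Normalize first, then decide authentication on the route actually served."""
    route = posixpath.normpath(req.path)
    if not route.startswith("/public/") and not req.authenticated:
        return 401, "login required"
    if route == "/admin/diag":
        try:
            return 200, hardened_diag(req.params.get("host", ""))
        except ValueError as exc:
            return 400, str(exc)
    if route.startswith("/public/"):
        return 200, "welcome"
    return 404, "not found"


# Constructed attack: no session, traversal past the exemption, injected command.
ATTACK = Request("/public/../admin/diag", {"host": "10.0.0.1; echo INJECTED"})

if __name__ == "__main__":
    print(vulnerable_dispatch(ATTACK))   # (200, 'resolving 10.0.0.1\nINJECTED\n')
    print(hardened_dispatch(ATTACK))     # (401, 'login required')
```

Note that the injection on its own is a post-auth bug: an unauthenticated request straight to `/admin/diag` is refused by both versions. It is the bypass that turns it into an internet-facing problem, which is why the two vulnerabilities are being treated as one incident rather than two.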

Tick Tock, Patch O'Clock

Ivanti's in a race against time, trying to patch things up while also rolling out a makeshift shield to fend off attackers. Like a knight in not-so-shiny armor, they're wielding a mitigation file that customers import into the gateway to hold the fort until the real fix lands. Patches are expected to strut down the runway in a staggered rollout between late January and mid-February. Better late than never, but let's hope the fashionably late arrival doesn't result in a complete takeover of the runway. Worth remembering: the mitigation blocks new exploitation, it does not evict anyone who got in before it was applied, so an exposed gateway deserves a compromise check as well as the import.

Counting the Casualties

So far, the cyber hit list includes fewer than ten Ivanti customers, which might sound like a small party, but with over 15,000 gateways just hanging out on the internet, it's more like a ticking time bomb waiting to go off. Security maestro Kevin Beaumont, who tallied the exposed gateways, and the threat intel rockstars at Volexity, who spotted the intrusions, are keeping tabs on the situation. They're like the cybersecurity neighborhood watch, but with more caffeine and less gossip.

History Repeats Itself

It's not Ivanti's first rodeo with zero-days. Last year was like a hackathon, with state hackers exploiting not one, not two, but three zero-days in Ivanti's products. It's like Ivanti's becoming the favorite playground for cyber villains. But, to their credit, they're sticking to the script, assuring us they have no evidence that their code development process was compromised. Phew, I guess?

Global Impact

With Ivanti's products being the tools of the trade for over 40,000 companies globally, this whole zero-day saga isn't just a drop in the ocean. It's more like someone's turned on the cyber faucet and left it running. And while we wait for the plumber (aka the patches), let's hope the temporary fix keeps the water from rising too high.

Tags: authentication bypass, Command Injection, IT asset management, Ivanti patch schedule, state-backed cyber attacks, threat intelligence, zero-day vulnerabilities