Ivanti’s VPN Crisis: Patch Up or Get Hacked Again?

Discover Ivanti’s latest “VPN for business” boo-boo: a security hole so welcoming, hackers are throwing a cyber house party. Don’t wait for the e-vite; patch up now or risk a crasher’s takeover! #PatchThePartyHole

Hot Take:

Looks like Ivanti’s been handing out vulnerabilities like they’re going out of style, and the hacker fashionistas are absolutely living for it. In the latest episode of “Patching Pace Pandemonium,” businesses are scrambling slower than a turtle on a treadmill to fix these issues. Meanwhile, Chinese state-sponsored cyber runway models are strutting their stuff with new exploits. Cue the dramatic spotlight!

Key Points:

  • Ivanti’s Connect Secure VPN products have sprouted new security flaws faster than a Chia Pet, specifically CVE-2023-46805 and CVE-2024-21886, followed by CVE-2024-21888 and CVE-2024-21893.
  • Shadowserver reports over 630 unique IPs flexing their hacking muscles on Ivanti’s latest vulnerability, which is like a VIP backstage pass to remote access.
  • Despite Ivanti releasing the fashion line of patches, businesses are treating updates like last season’s trends – slow to adopt.
  • An estimated 20,800 Ivanti-exposed instances are still chilling out there, waiting to get picked up faster than discounted merch at a Black Friday sale.
  • If your device is unpatched and online, it’s not just compromised—it’s probably been passed around more than a hot potato at a family reunion.

Title: Xorg-x11-server: heap buffer overflow in DisableDevice
Cve id: CVE-2024-21886
Cve state: PUBLISHED
Cve assigner short name: redhat
Cve date updated: 02/28/2024
Cve description: A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Cve id: CVE-2023-46805
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 01/12/2024
Cve description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Cve id: CVE-2024-21888
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 01/31/2024
Cve description: A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

Cve id: CVE-2024-21893
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 01/31/2024
Cve description: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Need to know more?

Asking for Permissions

Imagine the cybersecurity world as a permission slip, and Ivanti's VPN appliances are that kid who forgot to get it signed. This latest round of exploits is like the entire class deciding to take a field trip to the "Compromise Carnival." Shadowserver's CEO sprinkled a bit of doom and gloom on the situation, noting that a hefty number of unique IPs are trying their luck with the new vulnerability. And let's face it, with more than 40,000 customers, including the who's who of sensitive sectors, this is the equivalent of leaving your diary open in a high school hallway.

Slow and Steady Wins... Nothing

Patching security flaws should be a race, but some companies are treating it more like a leisurely stroll in the park. Shadowserver's headcount of exposed instances dipped only slightly, which in cyber terms means there's still a party and everyone's invited – especially the hackers. And in the world of ominous fortune cookies, Volexity's founder might as well have said, "May you live in interesting cybersecurity times," because apparently, unpatched devices are as compromised as a reality TV star's privacy.

Patchwork Quilt of Security

At the end of the day, Ivanti's patchwork quilt of security is looking a little threadbare. While the patches are out there, ready to be sewn into the fabric of corporate security strategies, businesses seem to be waiting for a tailor-made invitation. The result? If you're unpatched, you're not just vulnerable, you're likely more exposed than a streaker at a football game. And as for the culprits? Well, it's a safe bet that the usual suspects from the East are sharpening their digital needles for another round of fashion-forward hacking.

More from Techradar Pro

And for those who like to stay ahead of the curve, Techradar Pro is your personal stylist in the ever-changing world of cybersecurity fashion. They've got the hot tips on the best firewalls that are in vogue, the endpoint security tools that are the season's must-haves, and all the cybersecurity gossip you can handle. So, subscribe to their newsletter unless you want your digital wardrobe to look so last year.

About the Scribe

Last but not least, let's talk about the man behind the quill, Sead Fadilpašić. This Sarajevo-based scribe has been typing away about IT and cybersecurity longer than some of us have been using a smartphone. From Al Jazeera Balkans to content writing coach, Sead's byline is like a badge of trust in the digital world. So when he talks VPNs and vulnerabilities, you know it's no joke – even if we're having a laugh about it!

Tags: Connect Secure VPN, Ivanti VPN vulnerability, network appliance exploits, patch management, remote access security, Shadowserver data analysis, threat actor surveillance