VPN Vulnerability Epidemic: Ivanti Connect Secure Zero-Days Leave Thousands Exposed

Breaking: Ivanti Connect Secure VPN’s double zero-day trouble! Over 1,700 victims, from mom-and-pop shops to Fortune 500 giants, caught in the crosshairs. No patch yet – it’s open season for cyber-villains! 🎯💻 #IvantiVPNZeroDays

Hot Take:

Listen up folks, because it’s about to get patchy in here—or rather, unpatchy. Ivanti’s Connect Secure VPN is like the new hotspot, but for cybercriminals looking for a good time hacking into over 1,700 systems. And guess what? No bouncer at the door yet, because patches are still on the way. Seems like the only secure thing about this VPN is the job security it’s providing for cybersecurity experts.

Key Points:

  • Two zero-day vulnerabilities in Ivanti Connect Secure VPN are being exploited like a free bar at a hacker’s conference.
  • The VIP list includes over 1,700 systems from small fries to big fish, across industries like aerospace and banking.
  • Apparently, hackers started their party a day after the vulnerabilities went public. Talk about being fashionably late!
  • The dynamic duo of flaws (CVE-2023-46805 and CVE-2024-21887) lets uninvited guests run wild commands without even saying “please”.
  • Patches are still getting dressed and expected to arrive on January 22, leaving mitigation measures as the only bouncer for now.
Cve id: CVE-2024-21887
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 01/12/2024
Cve description: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Cve id: CVE-2023-46805
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 01/12/2024
Cve description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Need to know more?

The VIP Exploit Gala

Imagine throwing a party and everyone's invited—hackers included. That's Ivanti's Connect Secure VPN right now. The guest list? Oh, just a cool 1,700 systems, and that's just the ones we know about. Could be more than 10 times that number if the rumors are true. This isn't your average get-together; it's more like an all-you-can-eat buffet for cyber baddies. Small businesses, behemoth corporations, you name it, they're all dipping in the same compromised chip bowl.

Save the Date: Exploit Day

These hackers sure don't waste time. The vulnerabilities hit the headlines, and the next thing you know, it's exploitation galore starting January 11. It's like they had their little black hats and scripts ready to go. And the flaws in question? Think Bonnie and Clyde of cybersecurity. One lets you sneak in without a key, and the other lets you paint graffiti all over the metaphorical walls. No authentication, no problem.

The "Oops, We're Working On It" Patch

Let's talk about the elephant in the room, or rather, the missing elephant: the patch. Ivanti has announced that the cavalry, in the form of updates, will be arriving on January 22. Until then, we're all just playing musical chairs hoping we're not the ones left standing when the music stops. If you're using Ivanti Connect Secure VPN, you might want to start practicing your mitigation dance moves, because that's the only tune playing right now.

And For Your Further Reading Pleasure...

If you're done stressing about Ivanti, why not broaden your horizons? There's a dangerous Opera security flaw that's also making the rounds, plus a handy list of the best firewalls to keep you cozy, and a spotlight on top-tier endpoint security tools. It's like the self-help bookshelf for your digital life. Don't forget to subscribe to TechRadar Pro's newsletter for more stories to keep you up at night!

Your Cybersecurity Correspondent

And who's bringing you this tale of digital woes and 0days? None other than Sead Fadilpašić, the seasoned IT and cybersecurity storyteller from Sarajevo, who's seen more breaches and flaws than most people have had hot dinners. With a pen sharper than a hacker's keyboard, he's your guide through the tangled web of cybersecurity news. So buckle up and keep your data close, because it's a wild world out there.

Tags: CVE-2023-46805, CVE-2024-21887, Ivanti Connect Secure VPN, Network Security, threat actors, VPN vulnerabilities, Zero-Day Exploits