Ivanti VPN: A Quick Look at the Zero-Day Vulnerabilities


Recently, two critical zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, have been identified in Ivanti VPN, a widely used corporate VPN appliance. These vulnerabilities have been exploited by hackers to deploy malware and cryptocurrency miners, posing a significant threat to various organizations, including Fortune 500 firms, government agencies, and defense contractors.

The Vulnerabilities in Ivanti VPN

CVE-2023-46805

CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti Connect Secure (ICS) 9.x and 22.x and Ivanti Policy Secure. This vulnerability allows a remote attacker to access restricted resources by bypassing control checks. It has a severity score of 8.2, indicating a high level of threat.

CVE-2024-21887

CVE-2024-21887 is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x). This vulnerability allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. It has a critical severity score of 9.1.

The Exploitation of the Ivanti VPN Vulnerabilities

State-sponsored hackers have exploited these vulnerabilities to compromise over 1,700 Ivanti Connect Secure appliances worldwide. The victims are globally distributed and vary greatly in size, from small businesses to some of the largest organizations in the world, including multiple Fortune 500 companies across multiple industry verticals.

The Impact of Ivanti VPN Vulnerabilities

The exploitation of these vulnerabilities has led to the deployment of malware and cryptocurrency miners. Cryptocurrency miners are a class of malware designed to hijack the processing power of computers or devices for the purpose of mining cryptocurrencies. This process, known as cryptojacking, can significantly affect the performance of the infected machines and increase their wear and tear.

Conclusion

The exploitation of these zero-day vulnerabilities in Ivanti VPN underscores the importance of robust cybersecurity measures. Organizations are advised to apply mitigations per vendor instructions or discontinue the use of the product if mitigations are unavailable. As the digital landscape continues to evolve, staying vigilant and proactive in addressing cybersecurity threats is crucial for maintaining the integrity and security of systems and data.

