Ivanti Faces Escalating Security Challenges with New Zero-Day Vulnerabilities
Ivanti, a prominent provider of corporate VPN appliances, has issued a stark warning about the exploitation of a previously undisclosed zero-day vulnerability, a sign of an intensifying cyber threat landscape. The company, grappling with ongoing security challenges, has been dealing with attacks since early December, when Chinese state-backed hackers began exploiting vulnerabilities in Ivanti Connect Secure, specifically CVE-2023-46805 and CVE-2024-21887. These intrusions were aimed at breaking into customer networks and extracting sensitive information.
Adding to the company’s cybersecurity woes, Ivanti has now identified two additional vulnerabilities, designated CVE-2024-21888 and CVE-2024-21893, within its Connect Secure VPN product. CVE-2024-21888 is categorized as a privilege escalation vulnerability, while CVE-2024-21893, a zero-day vulnerability, is a server-side issue allowing unauthorized access to restricted resources without authentication. The latter has been observed under “targeted” exploitation, as noted in Ivanti’s recent disclosure.
The severity of the situation is further underscored by a statement from Germany’s Federal Office for Information Security (BSI), which acknowledged the compromise of multiple systems and emphasized the renewed risk posed by the newly discovered vulnerabilities. With the specifics of the vulnerabilities expected to become public knowledge, Ivanti anticipates an exponential rise in exploitation attempts.
While Ivanti has not officially linked these cyberattacks to a specific threat group, cybersecurity firms Volexity and Mandiant previously associated the initial wave of Connect Secure exploits with a Chinese government-supported hacking collective, primarily driven by espionage motives. Volexity also reported additional groups actively exploiting the vulnerabilities.
Ivanti’s recent update indicates that fewer than 20 customers are directly impacted, although the exact figure remains undisclosed. By contrast, Volexity’s earlier findings suggested a broader impact, with at least 1,700 Ivanti Connect Secure appliances globally compromised by the initial vulnerabilities, affecting sectors such as aerospace, banking, defense, and telecommunications.
In response to these escalating threats, Ivanti released a patch to counter the widely exploited Connect Secure vulnerabilities, although the release was delayed by a week from the initially planned schedule. Ivanti spokesperson Kareena Garg assured that the patch also addresses the two newly disclosed vulnerabilities. The company advised a “staggered” release of the patch, beginning January 22, and recommended that customers factory reset their appliances before applying the patch to thwart any residual threat actor presence.
This unfolding security crisis at Ivanti underscores the relentless nature of state-backed cyberattacks and the critical need for robust, proactive cybersecurity measures in today’s interconnected world. As the cybersecurity community awaits further developments, the spotlight remains on Ivanti’s efforts to safeguard its infrastructure and protect its clientele from these sophisticated cyber threats.