Ivanti Releases Patch for Zero-day Vulnerability on VPN Devices
Ivanti Addresses Zero-day Vulnerabilities on 2 VPN Devices: CVE-2023-46805 and CVE-2024-21887
Ivanti has released patches for two zero-day vulnerabilities affecting its Connect Secure and Policy Secure Gateways. The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, fall under the category of Privilege Escalation. These flaws enable attackers to gain unauthorized access to systems without the need for authentication.
Germany’s cybersecurity agency, the Federal Office for Information Security (BSI), has reported multiple ongoing attacks exploiting these vulnerabilities. Ivanti has confirmed that approximately 20 customers have already fallen victim to these attacks, with a rapid increase in incidents expected as details of the vulnerabilities become public.
Ivanti has promptly issued patches for both vulnerabilities, urging system administrators to apply updates immediately. Volexity has disclosed alarming statistics on Ivanti Connect Secure appliances connected to the internet, which number over 1,700, heightening the risk of potential attacks.