Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Another serious Ivanti vulnerability has been found under attack, so update now

VPN and Remote Desktop.

Ivanti can’t seem to catch a break, as soon after discovering and patching two major flaws that were being exploited in the wild, a third one emerged.

Just like the previous two, this new threat also affects Ivanti’s Connect Secure and Policy Secure VPN products, 

It’s tracked as CVE-2024-21893, and is described as a server-side request forgery. Ivanti published finding the flaw in late January this year, together with another vulnerability that hasn’t yet caught the hacking community’s attention.

A rocky start to the year

At the time, the company released a patch, and said it wasn’t aware of mass abuse. “We are only aware of a small number of customers who have been impacted by CVE-2024-21893 at this time,” the company said in the advisory. 

However, citing information from Shadowserver, ArsTechnica reported that the abuse has “mushroomed” and exceeded that of CVE-2023-46805 and CVE-2024-21887, the two flaws hackers previously targeted. 

It’s been a rocky start to 2024 for Ivanti after it recently discovered two high severity flaws that were being exploited in the wild. 

At first, it released mitigations for the flaws, and later released a patch, but soon after publishing the findings, the US Government's Cybersecurity and Infrastructure Security Agency (CISA) warned users of hackers actively exploiting the flaw and even advised government agencies to disconnect their Ivanti VPNs until they are able to completely rebuild them with the patch installed. 

The first two flaws were abused by Chinese state-sponsored threat actors, the researchers said at the time. For the newest vulnerability, there is still no word on who the perpetrators are, but it’s safe to assume the same people. What’s more, endpoints protected against the first two flaws are vulnerable to the third one, unless they apply the separately-published patch.

While researchers from Rapid7 released a Proof-of-Concept (PoC) late last week, it doesn’t seem that it played a significant role, as researchers saw active exploitation hours earlier.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.