Yet another Ivanti VPN critical security flaw is being exploited, so patch now

In the weeks following the news, Ivanti released the corresponding patches, and said that during the remediation process it discovered two additional flaws - CVE-2024-21888 and CVE-2024-21893. While one of them wasn’t picked up by hackers in a more significant volume, the other one - 21893, was tested in at least 170 unique exploitation attempts.

Asking for permissions

Now, the newest Shadowserver data is showing mass exploitation, TechCrunch reports. Shadowserver’s chief executive, Piotr Kijevski, told the publication that late last week, the nonprofit observed more than 630 unique IPs attempting to exploit the flaw which allows for remote access.  

As was the case with the first two flaws, Ivanti patched these as well. However, that doesn’t necessarily translate to a completely fixed issue, as companies are often slow to patch, leaving themselves open to attacks. Connect Secure, a remote access VPN solution, is allegedly used by more than 40,000 customers, such as banks, healthcare firms, and education organizations. 

Shadowserver initially showed some 22,500 instances exposed to the internet. This week, the number is down to 20,800 according to the same source, which means businesses are patching their endpoints, albeit at a slow(ish) pace.

Volexity founder Steven Adair gave an ominous warning, the publication said: “any unpatched devices accessible over the Internet have likely been compromised several times over.”

At press time, it was unknown which threat actors sought to exploit the flaws, but given the recent history, it’s safe to assume that Chinese state-sponsored threat actors are having a field day with Ivanti.

More from TechRadar Pro

• Another serious Ivanti vulnerability has been found under attack, so update now
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now