More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

January 31, 2024 at 03:39PM

Ivanti has patched the original set of zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in its Connect Secure VPN appliances, but more fixes will be rolled out on a staggered schedule. The company is also addressing two new bugs (CVE-2024-21888 and CVE-2024-21893) with the latter under active exploitation. Organizations are urged to apply mitigations immediately to avoid being exploited. Multiple malware tools have been used in these attacks, and researchers warn of the potential for supply chain attacks. Additionally, Ivanti and CISA have issued updated mitigation guidance, and experts emphasize the urgency of patching the newly identified high-severity bugs.

Ivanti has started patching the zero-day vulnerabilities in its Connect Secure VPN appliances, and it has also announced two additional bugs. Patches have been released for some versions, with additional fixes to come gradually. Meanwhile, Ivanti has provided a mitigation for unpatched organizations. Mandiant identified a China-backed APT, UNC5221, as responsible for mass exploitation and provided details on the types of malware used in the attacks. Furthermore, there are new high-severity zero-day bugs (CVE-2024-21888 and CVE-2024-21893) for which patches have been issued. Patching and addressing these vulnerabilities is urgent to prevent unauthorized access and potential compromise of the network.
