Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

January 10, 2024 at 08:03PM

Volexity warned that Chinese hackers are exploiting two zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure VPN. The exploits worked against fully patched appliances; Ivanti has provided pre-patch mitigations. The attackers used the vulnerabilities to execute commands, steal data, and gain access to systems on the internal network. Volexity discovered the activity and described the attacker’s methods.

Key takeaways:

– Volexity has warned of active exploitation of two unauthenticated remote zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, in Ivanti Connect Secure VPN devices by suspected Chinese nation-state hackers.
– Ivanti has released pre-patch mitigations for the vulnerabilities and plans to release comprehensive fixes on a staggered schedule, beginning on January 22.
– The vulnerabilities allow attackers to achieve unauthenticated remote code execution (RCE) and were used to steal configuration data, modify files, download remote files, and gain access to systems on the network.
– Volexity worked closely with Ivanti to uncover the exploit chain used by the attacker, and identified modifications the attackers made to Ivanti Connect Secure (ICS) components in order to evade security measures and maintain unauthorized access.