After Delays, Ivanti Patches Zero-Days and Confirms New Exploit

January 31, 2024 at 12:48PM

Ivanti is urgently addressing two high-severity vulnerabilities in its Connect Secure and Policy Secure VPN products, discovered during the investigation of zero-day attacks. The company has started rolling out patches for critical bugs and issued an alert to its customers to test and deploy available fixes promptly. Digital forensics firm Volexity has spotted exploitation of these vulnerabilities, linking it to a Chinese government-backed APT hacking team. CISA has set a deadline for federal agencies to deploy fixes and remove compromised products from networks.

Ivanti, an enterprise IT software vendor, is urgently addressing critical vulnerabilities in its Connect Secure and Policy Secure VPN products. The company has identified several high-severity vulnerabilities, including authentication bypass, command injection, privilege escalation, and server-side request forgery issues.

Ivanti has already started rolling out patches for these vulnerabilities, which were discovered during an investigation into ongoing zero-day attacks. The vulnerabilities have been actively exploited by multiple hacking groups, including a Chinese government-backed APT team, with significant impact on US organizations.

The late availability of patches is adding urgency to the situation, as it is complicating deadlines set by the US government’s cybersecurity agency CISA for Federal Civilian Executive Branch agencies to apply fixes and remove compromised products from their networks.

Furthermore, Ivanti is now featured prominently in the CISA KEV (Known Exploited Vulnerabilities) catalog, and the company’s struggles with major security issues have been widely reported.

The urgency and widespread impact of these vulnerabilities call for immediate action from Ivanti customers to test and deploy available fixes. It is evident that the security community is closely monitoring and actively responding to these critical vulnerabilities, and the affected organizations need to act swiftly to address the risks posed by these exploits.
