Ivanti Releases Patch for Actively Exploited Vulnerability in Connect Secure VPN

Ivanti has released a patch for two new vulnerabilities in its Connect Secure VPN. Attackers are actively exploiting one of those bugs, says the company, which also released an emergency patch earlier this month.

Ivanti warns in a blog post for two vulnerabilities in Connect Secure and in Policy Secure Gateways. Those are one privilege escalationbug that is tracked as CVE-2024-21388 and a server side request forgery, CVE-2024-21893. According to the company, the first is not actively abused, but the second is. The forgery bug makes it possible to read certain protected information without authentication.

Ivanti warns that ‘a small number of customers’ are affected by the bug, but does not share any further information about the specific exploitation. The company expects that the attackers will soon exploit more systems now that the information has been made public.

It is the second time in a short time that Ivanti has been hit by a zero day. This also happened earlier this month. Ivanti discovered the new bugs while investigating the previous zero days, but the company does not say whether the two are linked.

Ivanti has released a patch. These are versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1 for Connect Secure and 22.6R1.3 for the ZTA cloud package. Ivanti recommends that customers reset their gateways to factory settings before applying the patch to ensure that attackers cannot compromise their persistence to lose.

2024-01-31 18:12:00
#Ivanti #warns #zeroday #Connect #Secure #VPN