Yet another Ivanti VPN critical security flaw is being exploited, so patch now

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Ivanti has discovered yet another serious security vulnerability in its VPN for business appliances - and what's worse, it's already being exploited en masse, researchers have found.

Ivanti had already uncovered two high-severity flaws in its Connect Secure products, CVE-2023-46805 and CVE-2024-21886 which were, at the time, mostly exploited by Chinese state-sponsored threat actors. Soon afterwards, reports came out of mass exploitation.

In the weeks following the news, Ivanti released the corresponding patches, and said that during the remediation process it discovered two additional flaws - CVE-2024-21888 and CVE-2024-21893. While one of them wasn’t picked up by hackers in a more significant volume, the other one - 21893, was tested in at least 170 unique exploitation attempts.

Asking for permissions

Now, the newest Shadowserver data is showing mass exploitation, TechCrunch reports. Shadowserver’s chief executive, Piotr Kijevski, told the publication that late last week, the nonprofit observed more than 630 unique IPs attempting to exploit the flaw which allows for remote access.  

As was the case with the first two flaws, Ivanti patched these as well. However, that doesn’t necessarily translate to a completely fixed issue, as companies are often slow to patch, leaving themselves open to attacks. Connect Secure, a remote access VPN solution, is allegedly used by more than 40,000 customers, such as banks, healthcare firms, and education organizations. 

Shadowserver initially showed some 22,500 instances exposed to the internet. This week, the number is down to 20,800 according to the same source, which means businesses are patching their endpoints, albeit at a slow(ish) pace.

Volexity founder Steven Adair gave an ominous warning, the publication said: “any unpatched devices accessible over the Internet have likely been compromised several times over.”

At press time, it was unknown which threat actors sought to exploit the flaws, but given the recent history, it’s safe to assume that Chinese state-sponsored threat actors are having a field day with Ivanti.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
vpn
Ivanti warns another critical security flaw is being attacked
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
Latest in VPN Privacy & Security
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Neon blue email symbols on a black background
Why am I suddenly getting so many spam emails?
A computer file surrounded by red laser beams
Cover your tracks: the risk of sending unencrypted files
Using an Amazon Fire Stick on a Smart TV
How to use a VPN with Fire Stick
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras