Ivanti Patches Critical Flaws Amidst Global Cyber Exploits
April 4, 2024Ivanti has released patches for multiple vulnerabilities in its Connect Secure and Policy Secure gateways.
The flaws include a high-severity vulnerability (CVE-2024-21894) allowing unauthenticated remote code execution and denial of service attacks.
Three additional security flaws (CVE-2024-22052, CVE-2024-22053, CVE-2024-22023) have also been patched.
Thousands of Ivanti's VPN gateways are exposed online, previously targeted by nation-state actors.
The U.S. CISA has responded with an emergency directive, including disconnecting and rebuilding vulnerable VPN appliances with patched software.
Historical context: Similar vulnerabilities were exploited by suspected Chinese hackers three years ago, impacting U.S. and European organizations.
Summary based on 1 source
Get a daily email with more Tech stories
Source
BleepingComputer • Apr 3, 2024
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks