Ivanti Pulse Secure was using decade-old Linux and outdated libraries — no wonder it was such a popular target for hackers

News
By published

Hackers are having a field day with Ivanti's products

A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
(Image credit: Shutterstock / Thapana_Studio)

Knowing which operating system, as well as libraries, Ivanti Pulse Secure used, it is no wonder hackers keep finding new zero-day vulnerabilities to exploit.

That's the conclusion of security analysts from Eclypsium, who analyzed firmware version 9.1.18.2-24467.1 and concluded that the operating system used was CentOS 6.4.

"Pulse Secure runs an 11-year-old version of Linux which hasn't been supported since November 2020," it said in the follow-up report.

Thousands of vulnerable endpoints

What’s more, Eclypsium discovered multiple libraries which, among themselves, are vulnerable to 973 flaws. Of those, 111 have publicly known exploits. "This is a perfect example as to why visibility into digital supply chains is important and why enterprise customers are increasingly demanding SBOMs from their vendors,” the researchers concluded.

There’s more - researchers found more than 1,200 problems in 76 shell scripts, more than 5,000 flaws in 5,392 Python files, and 133 outdated certificates.

Finally, Eclypsium also discovered a problem in the logic of the Integrity Checker Tool (ITC), which the company recommends as the go-to tool when looking for indicators of compromise, it said. As the tool excludes more than a dozen important directories, hackers could easily pass the integrity check and remain on the endpoint.

A separate report by BleepingComputer claims thousands of Ivanti’s Connect Secure and Policy Secure endpoints remain vulnerable to the flaws found earlier this year. Despite the patches already rolled out, hackers are exploiting outdated endpoints for CVE-2024-22024, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, and CVE-2024-21888. 

Cybersecurity researcher Yutaka Sejiyam scanned the internet through Shodan and found, at the time of going to press, that there were more than 13,600 Ivanti servers still vulnerable to the abovementioned flaws.

Some of the vulnerabilities, the media reported earlier, were abused by state-sponsored threat actors and used in espionage campaigns.

Via The Hacker News

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
vpn
Ivanti warns another critical security flaw is being attacked
Best free Linux firewalls
Palo Alto firewalls have some worrying serious flaws
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
The best free firewall
Palo Alto warns another major firewall hack has been detected
Latest in Security
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
Latest in News
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
An Apple Music pink/pixellated poster advertising DJ with Apple Music
DJ with Apple Music lands, allowing subscribers to build and mix DJ sets directly from its +100 million-song catalog
The Meta Quest 3 and controllers on their charging station which is itself on a wooden desk next to a lamp
Forget Android XR, I've got my eyes on Vivo's new Meta Quest 3 competitor as it could be the most important VR headset of 2025
Samsung Galaxy S25 from the front
The Now Bar on Samsung One UI 7 is about to get a lot more useful – and could soon match Live Activities on iOS
Marvel Rivals
Marvel Rivals will get two new hero skins for Moon Knight and Black Panther this week meaning I'll now need to farm even more Units
Nvidia app
Tired of manually optimizing your games? Nvidia's new G-Assist could save you time
More about security
Code Skull

This dangerous new ransomware is hitting Windows, ARM, ESXi systems
Code Skull

Interpol operation arrests 300 suspects linked to African cybercrime rings
Windows 10

The six-step countdown to Windows 10 end of life
See more latest
Most Popular
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 26 (game #1157)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, March 26 (game #388)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Wednesday, March 26 (game #654)
Nvidia app
Tired of manually optimizing your games? Nvidia's new G-Assist could save you time
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.
Turkey's social media ban has been lifted, but VPN usage is still high
An iPhone running iOS 18 on a purple and blue background
iOS 18.4 could launch soon with a major upgrade to your iPhone’s notifications
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An Apple Music pink/pixellated poster advertising DJ with Apple Music
DJ with Apple Music lands, allowing subscribers to build and mix DJ sets directly from its +100 million-song catalog
The Meta Quest 3 and controllers on their charging station which is itself on a wooden desk next to a lamp
Forget Android XR, I've got my eyes on Vivo's new Meta Quest 3 competitor as it could be the most important VR headset of 2025