Ivanti Pulse Secure was using decade-old Linux and outdated libraries — no wonder it was such a popular target for hackers
Hackers are having a field day with Ivanti's products
Given the operating system and libraries Ivanti Pulse Secure runs on, it is no wonder hackers keep finding new zero-day vulnerabilities to exploit.
That's the conclusion of security analysts from Eclypsium, who analyzed firmware version 9.1.18.2-24467.1 and concluded that the operating system used was CentOS 6.4.
"Pulse Secure runs an 11-year-old version of Linux which hasn't been supported since November 2020," it said in the follow-up report.
Thousands of vulnerable endpoints
What’s more, Eclypsium discovered multiple libraries which, between them, are affected by 973 flaws. Of those, 111 have publicly known exploits. “This is a perfect example as to why visibility into digital supply chains is important and why enterprise customers are increasingly demanding SBOMs from their vendors,” the researchers concluded.
There’s more: researchers found more than 1,200 problems in 76 shell scripts, more than 5,000 flaws in 5,392 Python files, and 133 outdated certificates.
Finally, Eclypsium also discovered a problem in the logic of the Integrity Checker Tool (ICT), which Ivanti recommends as the go-to tool when looking for indicators of compromise. Because the tool excludes more than a dozen important directories, hackers could easily pass the integrity check and remain on the endpoint.
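The blind spot described above, as an added example that is not Ivanti's or Eclypsium's code: a minimal hash-manifest integrity check in Python, run with and without an exclusion list, plus an audit of what the exclusions leave unchecked. The directory names, file contents and the `excluded` tuple are constructed for illustration and do not reflect the real tool's list.

```python
import hashlib
import os
import tempfile

def snapshot(root, excluded=()):
    """Map relative path -> SHA-256 for files under root, skipping excluded top-level dirs."""
    hashes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:
            dirnames[:] = [d for d in dirnames if d not in excluded]  # prune the walk
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return hashes

def verify(root, manifest, excluded=()):
    """Return paths that are new, modified or missing compared with the manifest."""
    current = snapshot(root, excluded)
    changed = {p for p, h in current.items() if manifest.get(p) != h}
    return sorted(changed | (set(manifest) - set(current)))

def unverified_files(root, excluded):
    """Files present on disk that the exclusion list keeps out of every check."""
    return sorted(set(snapshot(root)) - set(snapshot(root, excluded)))

def write(root, rel, body):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)

def demo():
    excluded = ("data", "tmp")  # constructed list, not the real tool's exclusions
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/service", "data/cache.db", "data/keep.txt"):
            write(root, rel, b"known-good")
        narrow, full = snapshot(root, excluded), snapshot(root)  # two baselines
        write(root, "data/cache.db", b"modified")     # change inside an excluded dir
        write(root, "tmp/unexpected.bin", b"new")     # new file inside an excluded dir
        return (verify(root, narrow, excluded),       # exclusion-based check
                verify(root, full),                   # full-coverage check
                unverified_files(root, excluded))     # audit of the blind spot

if __name__ == "__main__":
    for label, result in zip(("with exclusions", "full coverage", "never checked"), demo()):
        print(f"{label}: {result}")
```

The exclusion-based check reports nothing, while the full-coverage check and the audit both surface the files under the excluded directories, which is why a clean integrity result should be read alongside the list of paths it never examined.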
A separate report by BleepingComputer claims thousands of Ivanti’s Connect Secure and Policy Secure endpoints remain vulnerable to the flaws found earlier this year. Despite the patches already rolled out, hackers are exploiting outdated endpoints for CVE-2024-22024, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, and CVE-2024-21888.
Cybersecurity researcher Yutaka Sejiyama scanned the internet through Shodan and found, at the time of going to press, that there were more than 13,600 Ivanti servers still vulnerable to the above-mentioned flaws.
Some of the vulnerabilities, the media reported earlier, were abused by state-sponsored threat actors and used in espionage campaigns.
Via The Hacker News
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.