Ivanti tried to patch its VPN security flaws — but just found more problems


While looking to patch two high-severity flaws in a VPN solution being abused in the wild, Ivanti found two more - one of which, it seems, is already known to some threat actors.

In early January 2024, Ivanti said it uncovered and patched two vulnerabilities found in its Connect Secure VPN products. Tracked as CVE-2023-46805 and CVE-2024-21887, the vulnerabilities, researchers were saying at the time, were being used to break into vulnerable networks and steal sensitive data.

Two weeks later, Ivanti urged users to apply the proposed workaround immediately as evidence started emerging of in-the-wild abuse, mostly by Chinese state-sponsored threat actors.

Multiple compromised systems

A patch was in the works - but as Ivanti set out to patch the flaws, it said it found two more lurking in Connect Secure VPN, TechCrunch reports. 

One is CVE-2024-21888, described as a privilege escalation flaw. The other, a zero-day, is a server-side vulnerability enabling hackers to access restricted resources without authenticating. The company is also warning that this second flaw is being used in “targeted” attacks.

In its writeup, TechCrunch also said that Germany’s Federal Office for Information Security was aware of “multiple compromised systems” and that all previously patched systems were at risk from the server-side bug.

While Ivanti isn’t pointing any fingers, both Volexity and Mandiant said that the previous two flaws were being used by Chinese state-sponsored threat actors. Ivanti and independent researchers also don’t seem to be seeing eye-to-eye on the number of victims. While Ivanti claims that fewer than 20 of its customers were affected by the bug (up from the previously claimed 10), Volexity puts that number at 1,700, at least. Even CISA weighed in recently, urging all federal agencies to apply the patch immediately, due to evidence of the flaws being used by hackers.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.