In a widespread cyber assault, hackers are capitalizing on two zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) within Ivanti’s widely used corporate VPN appliance, Connect Secure.
Volexity has reported mass exploitation, affecting over 1,700 appliances globally and impacting critical industries such as aerospace, banking, defense, government, and telecommunications.
Victims span from small businesses to Fortune 500 companies worldwide, raising concerns about the scale and severity of the attack.
The Shadowserver Foundation estimates that over 17,000 internet-visible Ivanti VPN appliances are at risk globally, with 5,000 situated in the United States.
Ivanti, confirming the mass-hacks, acknowledged increased threat activity commencing on January 11, following the disclosure of vulnerabilities on January 10.
Despite the ongoing exploitation, Ivanti has outlined plans to release patches in a “staggered” manner, with the initial rollout scheduled for the week of January 22.
In the interim, administrators are strongly advised to implement mitigation measures outlined by Ivanti.
These measures include resetting passwords and API keys, as well as revoking and reissuing certificates on affected appliances.


Thanks a lot for the article! It was really helpful!