Ivanti Under Siege: Why Your VPN Might Be a Hacker’s Open Door
The cybersecurity world is still reeling from the active exploitation of multiple critical vulnerabilities in Ivanti Connect Secure and Policy Secure gateways. These flaws have allowed state-sponsored threat actors and other malicious groups to bypass authentication and execute arbitrary commands, creating a massive headache for IT teams globally.[1]
This isn’t just a single vulnerability; we’re talking about a series of critical issues including CVE-2023-46805 (authentication bypass), CVE-2024-21887 (command injection), CVE-2024-21888 (privilege escalation), CVE-2024-21893 (server-side request forgery, SSRF), and the latest, CVE-2024-22024 (XML external entity, XXE).[2] Threat actors, including sophisticated state-backed groups and opportunistic cybercriminals, have been quick to weaponize these flaws, deploying web shells and backdoors to establish persistent access and exfiltrate data from compromised networks. Ivanti has been releasing patches, but the cat-and-mouse game continues as new attack vectors are discovered and exploited.[3]
So what? If your organization uses Ivanti Connect Secure or Policy Secure gateways, you’re squarely in the crosshairs. These devices are often the first line of defense, sitting at the perimeter of your network. A compromise here means threat actors can bypass your perimeter, move laterally, steal sensitive data, or even deploy ransomware. Developers and security teams need to prioritize patching, but also implement robust monitoring for indicators of compromise (IoCs) and consider out-of-band authentication or alternative access methods while these systems remain a target. Don

