"Urgent: Ivanti Vulnerabilities Under Mass Exploitation"

February 8, 2024 at 07:45 PM

•

1 min read

"Urgent: Ivanti Vulnerabilities Under Mass Exploitation" — Photo: BleepingComputer

TL;DR Summary

Ivanti has warned of a new authentication bypass vulnerability (CVE-2024-22024) affecting its Connect Secure, Policy Secure, and ZTA gateways, urging immediate patching. The flaw allows remote attackers to access restricted resources without user interaction or authentication. Threat monitoring shows over 20,000 ICS VPN gateways exposed online, with Ivanti devices being heavily targeted in attacks. Security patches for the vulnerabilities were released on January 31, and Ivanti advises customers to factory reset vulnerable appliances before patching to block attackers' persistence.

Topics:business #authentication-bypass #cybersecurity #ivanti #patch #threat-monitoring #vulnerability

Share this article

Ivanti: Patch new Connect Secure auth bypass bug immediately BleepingComputer
Researchers say attackers are mass-exploiting new Ivanti VPN flaw TechCrunch
Joint Statement on Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities ENISA
As if 2 Ivanti vulnerabilities under exploit weren't bad enough, now there are 3 Ars Technica
Ivanti devices hit by wave of exploits for latest security hole The Register

Reading Insights

Total Reads

Unique Readers

Time Saved

1 min

vs 2 min read

Condensed

76%

335 → 79 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights