Ivanti Warns of Mass-Exploited VPN Flaw

February 9, 2024 at 09:30 PM

•

1 min read

Ivanti Warns of Mass-Exploited VPN Flaw — Photo: The Register

TL;DR Summary

Ivanti has disclosed a fifth vulnerability affecting its gateways, but has not credited the third-party researchers who discovered it, causing confusion. The high-severity authentication bypass flaw only affects limited supported versions and was discovered in-house, according to Ivanti. The company has been grappling with a series of vulnerabilities in its products, with attackers exploiting zero-days and developing workarounds for mitigations. The UK's NCSC has urged immediate patches for all five Ivanti vulnerabilities, while CISA has issued an emergency directive instructing federal agencies to disconnect the products entirely.

Topics:business #cybersecurity #ivanti #patching-schedule #technology #vulnerability #zero-day

Share this article

Ivanti discloses fifth vulnerability, doesn't credit researchers who found it The Register
Joint Statement on Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities ENISA
Ivanti: Patch new Connect Secure auth bypass bug immediately BleepingComputer
Researchers say attackers are mass-exploiting new Ivanti VPN flaw TechCrunch
Ivanti publishes urgent warning about new vulnerability The Record from Recorded Future News

Reading Insights

Total Reads

Unique Readers

Time Saved

3 min

vs 4 min read

Condensed

87%

685 → 87 words

Want the full story? Read the original article

Read on The Register

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights