Ivanti Warns of Mass-Exploited VPN Flaw
Originally Published 1 year ago — by The Register
Ivanti has disclosed a fifth vulnerability affecting its gateways, but has not credited the third-party researchers who discovered it, causing confusion. The high-severity authentication bypass flaw only affects limited supported versions and was discovered in-house, according to Ivanti. The company has been grappling with a series of vulnerabilities in its products, with attackers exploiting zero-days and developing workarounds for mitigations. The UK's NCSC has urged immediate patches for all five Ivanti vulnerabilities, while CISA has issued an emergency directive instructing federal agencies to disconnect the products entirely.