Another serious Ivanti vulnerability has been found under attack, so update now
Ivanti can’t seem to catch a break
Ivanti can’t seem to catch a break: soon after it discovered and patched two major flaws that were being exploited in the wild, a third one has emerged.
Just like the previous two, this new threat also affects Ivanti’s Connect Secure and Policy Secure VPN products.
It’s tracked as CVE-2024-21893 and is described as a server-side request forgery. Ivanti disclosed the flaw in late January this year, together with another vulnerability that hasn’t yet caught the hacking community’s attention.
A rocky start to the year
At the time, the company released a patch, and said it wasn’t aware of mass abuse. “We are only aware of a small number of customers who have been impacted by CVE-2024-21893 at this time,” the company said in the advisory.
However, citing information from Shadowserver, Ars Technica reported that the abuse has “mushroomed” and exceeded that of CVE-2023-46805 and CVE-2024-21887, the two flaws hackers previously targeted.
It’s been a rocky start to 2024 for Ivanti, after it recently discovered two high-severity flaws that were being exploited in the wild.
At first, it released mitigations for the flaws and later released a patch, but soon after the findings were published, the US Government’s Cybersecurity and Infrastructure Security Agency (CISA) warned users that hackers were actively exploiting the flaws, and even advised government agencies to disconnect their Ivanti VPNs until they were able to completely rebuild them with the patch installed.
The first two flaws were abused by Chinese state-sponsored threat actors, the researchers said at the time. For the newest vulnerability, there is still no word on who the perpetrators are, but it’s safe to assume the same people. What’s more, endpoints protected against the first two flaws remain vulnerable to the third one unless they apply the separately published patch.
While researchers from Rapid7 released a Proof-of-Concept (PoC) late last week, it does not appear to have played a significant role, as researchers observed active exploitation hours before its release.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.