Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases


Two newly discovered vulnerabilities have led to an increase in the number of compromised Ivanti Connect Secure VPN appliances, and the US security agency CISA has issued a warning that another Ivanti product flaw is being exploited.

Volexity, a threat intelligence and incident response firm, reported on January 10 that a cyberespionage group linked to China (UTA0178) was spotted exploiting two Ivanti VPN zero-day vulnerabilities to gain access to internal networks. The vulnerabilities are an authentication bypass flaw (CVE-2023-46805) and a command injection flaw (CVE-2024-21887).

A remote, unauthenticated attacker can chain the vulnerabilities together to execute arbitrary commands on the targeted Ivanti VPN appliance. Ivanti has released mitigations, but patches are only expected to be available beginning next week.
