
Government-Sponsored Hackers Exploit Fresh Ivanti VPN Vulnerabilities – No Fixes Available

U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely used corporate VPN appliance, but said that patches won’t be available until the end of the month.

Ivanti said the two vulnerabilities — tracked as CVE-2023-46805 and CVE-2024-21887 — were found in its Ivanti Connect Secure software. Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet.

When TechCrunch asked why patches weren’t being made available immediately, Ivanti declined to comment. Ivanti is urging potentially impacted organizations to prioritize following its mitigation guidance, and U.S. cybersecurity agency CISA has also published an advisory urging users of Ivanti Connect Secure to mitigate the two vulnerabilities immediately.