State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet

State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet

10 months ago
Anonymous $6hYC3Wwiad

https://techcrunch.com/2024/01/11/ivanti-connect-vpn-zero-days-china-backed-hackers/

U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month.

Ivanti said the two vulnerabilities — tracked as CVE-2023-46805 and CVE-2024-21887 — were found in its Ivanti Connect Secure software. Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet.

State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet

Thu Jan 11, 4:32pm UTC
https://techcrunch.com/2024/01/11/ivanti-connect-vpn-zero-days-china-backed-hackers/ > U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month. > Ivanti said the two vulnerabilities — tracked as CVE-2023-46805 and CVE-2024-21887 — were found in its Ivanti Connect Secure software. Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet.