Ivanti tried to patch its VPN security flaws — but just found more problems

Two weeks later, Ivanti urged users to apply the proposed workaround immediately as evidence started emerging of in-the-wild abuse, mostly by Chinese state-sponsored threat actors.

Multiple compromised systems

A patch was in the works - but as Ivanti set out to patch the flaws, it said it found two more lurking in Connect Secure VPN, TechCrunch reports. 

One is CVE-2024-21888, described as a privilege escalation flaw. The latter, a zero-day, is a server-side vulnerability enabling hackers to access restricted resources, unauthenticated. The company is also warning that the latter is being used in “targeted” attacks.

In its writeup, TechCrunch also said that Germany’s Federal Office for Information Security was also aware of “multiple compromised systems” and that all previously patched systems were at risk of the server-side bug.

While Ivanti isn’t pointing any fingers, both Volexity and Mandiant said that the previous two flaws were being used by Chinese state-sponsored threat actors. Ivanti and independent researchers also don’t seem to be seeing eye-to-eye on the number of victims, as well. While Ivanti claims that fewer than 20 of its customers were affected by the bug (up from previously claimed 10), Volexity puts that number at 1,700, at least. Even CISA weighed in recently, urging all federal agencies to apply the patch immediately, due to evidence of the flaws being used by hackers.

More from TechRadar Pro

• Ivanti warns Connect Secure zero-days exploited by hackers
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now