BACK TO INCIDENTSWEB APPLICATION ATTACK
CONFIRMED
Ivanti
DATE: January 10, 2024
SECTOR: Technology
LOCATION: United States
SUMMARY
Critical zero-day vulnerabilities exploited in Ivanti Connect Secure VPN appliances
DETAILED ANALYSIS
Two critical zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) were discovered being actively exploited in Ivanti Connect Secure VPN appliances. The vulnerabilities allowed unauthenticated remote code execution and were linked to Chinese state-sponsored threat actors.
IMPACT ASSESSMENT
Widespread compromise of VPN appliances, potential access to corporate networks
INCIDENT METADATA
INCIDENT ID
INC-2024-003
THREAT TYPE
Web Application
INDUSTRY
Technology
STATUS
Confirmed
SOURCE REFERENCE
https://www.cisa.gov/news-events/alerts/2024/01/19/cisa-issues-emergency-directive-requiring-federal-agencies-mitigate-ivanti-connect-secure-andEXPLOITED VULNERABILITIES (3)
The following CVEs were exploited or related to this incident: