Security News > 2024 > February > New Ivanti Secure VPN Zero-Day Vulnerabilities and Patches
Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide.
The chaining of the two vulnerabilities allow any attacker to execute remote code without any authentication and compromise affected systems.
What are the Ivanti Secure VPN zero-day vulnerabilities?
Ivanti published an official security advisory and knowledge base article about two zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affecting all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways.
Patrice Auffret, founder, chief executive officer and chief technology officer at ONYPHE, a French cyber defense search engine dedicated to attack surface discovery and attack surface management, told TechRepublic in an email interview earlier today that 29,664 Ivanti Secure VPN appliances are connected to the internet, with more than 40% of the exposed systems being in the U.S., followed by Japan and Germany.
The incident response revealed that a threat actor modified several files placed on the Ivanti Connect Secure VPN appliance.
News URL
https://www.techrepublic.com/article/volexity-ivanti-connect-secure-vpn-vulnerabilities/
Related news
- Ivanti patches Connect Secure zero-day exploited since mid-March (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) (source)
- Ivanti fixes EPMM zero-days chained in code execution attacks (source)
- Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks (source)
- Ivanti patches two zero-days under active attack as intel agency warns customers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
| 2024-01-12 | CVE-2023-46805 | Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 8.2 |