Addressing the active exploitation of Ivanti VPN vulnerabilities (urgent advisory) 

A recent advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on vulnerabilities in Ivanti VPNs that are currently being actively exploited by malicious actors.  

Ivanti VPN solutions, widely utilized for their robust security features and efficient network management capabilities, have recently been identified as containing critical vulnerabilities. These security flaws could potentially allow attackers to execute arbitrary code, gain unauthorized access to sensitive information, or disrupt service operations through denial-of-service attacks. 

The advisory from CISA, a pivotal entity in the cybersecurity domain, acts as a clarion call for organizations utilizing Ivanti VPN solutions. According to CISA, there is concrete evidence of active exploitation of these vulnerabilities. The alert emphasizes the urgency for network administrators and cybersecurity teams to apply available patches, adhere to recommended security practices, and monitor network activity for signs of compromise. CISA’s advisory not only highlights the risks, but also provides guidance on mitigation strategies and best practices for securing affected systems against potential attacks. 

Outpost24’s analysis and recommendations  

In alignment with the advisory’s findings, our research has revealed a concerning scenario: honeypot data has shown more than 200 exploitation attempts in the last few days. With more than 2000 Ivanti servers exposed to the internet, it’s a matter of time before threat actors identify an unpatched server. 

Figure 1: Exposed Ivanti Servers from Shodan Search Engine

The active exploitation of vulnerabilities within Ivanti VPN solutions serves as a stark reminder of the critical need for monitoring, patching, and vulnerability management processes. CISA’s advisory, coupled with Outpost24’s findings, underscores the urgency of addressing these vulnerabilities.

By leveraging our vulnerability management solution, organizations can ensure they are equipped to detect, respond to, and mitigate the Ivanti VPN vulnerabilities effectively, safeguarding their digital infrastructure against current and future cyber threats. 

In the digital age, where vulnerabilities can be exploited in the blink of an eye, it is imperative for organizations to stay ahead of the curve. Outpost24 is committed to providing cutting-edge solutions and expert guidance to help our clients navigate the complex cybersecurity landscape with confidence and resilience. 

About the Author

Victor Acin, Threat Intelligence Labs Manager, Outpost24

Victor leads Outpost24’s threat intelligence team, KrakenLabs. He has more than 10 years of cybersecurity experience in various roles including ethical hacker, reverse engineer, and threat intelligence analyst.