CISA Advisory

Ivanti Connect Secure VPN Exploitation

AA24-038A • Published February 7, 2024

Severity: critical

Hackers found two serious bugs in Ivanti VPN software that let them break into networks without any password. Many organizations use this VPN for remote work. If you use Ivanti VPN, follow the emergency mitigation steps immediately.

Overview

Emergency advisory on active exploitation of Ivanti Connect Secure VPN vulnerabilities. Threat actors are chaining CVE-2023-46805 and CVE-2024-21887 for unauthenticated remote code execution.

Who Is At Risk

  • Organizations using Ivanti Connect Secure
  • Organizations using Ivanti Policy Secure
  • Government agencies
  • Large enterprises with remote workforce
  • Healthcare organizations

Affected Products

Ivanti Connect Secure, Ivanti Policy Secure

Immediate Actions

  1. Apply Ivanti mitigation immediately
  2. Run Ivanti Integrity Checker Tool
  3. Hunt for indicators of compromise
  4. Consider factory reset of affected devices
  5. Revoke and reissue all VPN user credentials

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
