Zero-day vulnerabilities in the Ivanti Connect Secure (ICS) VPN appliance, identified as CVE-2023-46805 and CVE-2024-21887, are being actively exploited and allow attackers to bypass two-factor authentication and execute malicious code. Security firm Volexity reported that these vulnerabilities enable attackers to modify system files and steal credentials. The exploitation, attributed to the suspected Chinese nation-state threat actor UTA0178, gives attackers significant network access. Exploitation is currently low-level and targeted, but there is potential for wider abuse if mitigations are not promptly applied.