Learn about critical Ivanti Connect Secure CVEs, their exploitation, and how Versa Networks provides protection through ZTNA, VSIA, and NGFW solutions.| The Versa Networks Blog - The Versa Networks Blog
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day.| Volexity
On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA0178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by m...| Volexity
SUMMARY| Cybersecurity and Infrastructure Security Agency CISA