Enterprise VPNs are meant to be the gatekeepers of remote access, but when their security is flawed, they can become the very entry point attackers need. The widespread issue of Ivanti Connect Secure vulnerabilities has emerged as a critical concern.
Ivanti Connect Secure (formerly Pulse Secure) is one of the most widely deployed VPN solutions worldwide, trusted by organizations large and small. Yet, throughout 2024, a series of high-impact vulnerabilities, including CVE-2024-22024, has put thousands of networks at risk, exposing sensitive data and eroding trust.
This post brings together insights from leading security researchers and news outlets to explain what’s happening with Ivanti Connect Secure, what the latest vulnerabilities mean, and how organizations can defend themselves in this turbulent landscape.
Ivanti Connect Secure vulnerabilities - The Vulnerability Wave: CVE-2024-22024 and Beyond
In early 2024, Ivanti disclosed multiple critical vulnerabilities in its Connect Secure VPN and Policy Secure gateways. The most notable, CVE-2024-22024, enables remote attackers to bypass authentication, access internal systems, and potentially deploy malware or ransomware. But the problems didn’t stop there; a fifth major flaw was disclosed soon after, underscoring persistent security gaps in the platform.
Key Vulnerabilities (in 2024):
CVE-2024-21893, CVE-2024-21887, CVE-2024-22024: Allow attackers to bypass authentication and access sensitive resources.
New auth bypass flaw (February 2024): Affects both Connect Secure and Ivanti’s Zero Trust Access (ZTA) gateways, broadening the risk to even more deployments.
Ivanti Connect Secure vulnerabilities - Why These Flaws Are So Concerning
Authentication Bypass: Attackers don’t need stolen credentials; they exploit flaws in the VPN gateway itself.
Chained Attacks: Exploits can be combined with other bugs or credentials for deeper intrusion and lateral movement.
Uncredited Research: Some vulnerabilities were found and responsibly disclosed by outside researchers but not always acknowledged by Ivanti, fueling industry debate over vendor transparency.
Persistence and Exploitation: Active exploitation has been reported, with attackers targeting exposed Ivanti devices and leveraging flaws to drop web shells, exfiltrate data, or establish long-term access.
Ivanti Connect Secure vulnerabilities - What Should Organizations Do Now?
Patch Immediately and Verify Updates
Apply all available Ivanti security patches for Connect Secure, Policy Secure, and ZTA Gateways. Confirm patches are applied, not just downloaded.
Audit Device Exposure
Check which devices are exposed to the internet. Limit access to management interfaces and place VPNs behind additional layers of protection if possible.
Hunt for Signs of Compromise
Use Ivanti and third-party IOCs (indicators of compromise) to search for web shells, unusual logins, and other signs of intrusion. Consider consulting with an incident response partner.
Monitor for New Advisories
Given the frequency of new vulnerabilities, subscribe to Ivanti, CISA, and trusted security news feeds to stay on top of emerging threats.
Review Remote Access Strategy
Consider zero trust network access (ZTNA) or SASE solutions to reduce reliance on traditional VPNs and enhance security.
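One way to automate the first two steps above (confirming patches are applied rather than just downloaded, and auditing exposure) is a small inventory check. This is an added example, not code from the original post or from Ivanti. The version string format, the branch minimums, the host names and the inventory fields are constructed assumptions; take the real fixed versions from the vendor advisory.

```python
import re
from dataclasses import dataclass

# Constructed placeholders, not advisory values: branch -> first fixed patch number.
MIN_FIXED = {"1.2R3": 4, "1.1R7": 2}
# Assumed version format: <major>.<minor>R<release>[.<patch>], e.g. "1.2R3.4".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

@dataclass
class Gateway:
    host: str
    running: str        # version the device itself reports
    staged: str         # version of the package downloaded to it ("" if none)
    mgmt_exposed: bool  # management interface reachable from the internet

def is_fixed(version):
    """True/False against the branch minimum; None if it cannot be judged."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, release, patch = m.groups()
    minimum = MIN_FIXED.get(f"{major}.{minor}R{release}")
    if minimum is None:
        return None  # branch has no listed fix: needs manual review
    return int(patch or 0) >= minimum

def audit(gw):
    """Return the findings for one gateway; an empty list means none."""
    findings = []
    running_ok = is_fixed(gw.running)
    if running_ok is None:
        findings.append("VERSION_UNKNOWN")
    elif not running_ok:
        # A fixed package on the device that is not the running version
        # was downloaded but never applied.
        findings.append("STAGED_NOT_APPLIED" if is_fixed(gw.staged) else "UNPATCHED")
    if gw.mgmt_exposed:
        findings.append("MGMT_EXPOSED")
    return findings

# Constructed inventory (hypothetical hosts and versions).
INVENTORY = [
    Gateway("vpn-a.example.internal", "1.2R3.4", "1.2R3.4", False),
    Gateway("vpn-b.example.internal", "1.2R3.1", "1.2R3.4", False),
    Gateway("vpn-c.example.internal", "1.1R7", "", True),
    Gateway("vpn-d.example.internal", "0.9R2.5", "", False),
]
if __name__ == "__main__":
    for gw in INVENTORY:
        print(gw.host, audit(gw) or "ok")
```

Feed it the version each device reports about itself, not the version recorded in a change ticket, so a staged but unapplied patch shows up as a finding.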
Industry and Community Response
The pace and seriousness of the Ivanti vulnerabilities have drawn attention from government agencies, CERTs, and the wider security community. Debates continue about vendor disclosure practices, credit for vulnerability finders, and whether it’s time for enterprises to look for alternatives.
The rapid-fire discovery of new bugs highlights the need for ongoing vigilance, not just one-time patching.
Ivanti Connect Secure vulnerabilities - Call to Action
Is your organization affected by the Ivanti Connect Secure vulnerabilities?
What’s your plan for managing VPN risk in 2024?
Share your thoughts in the comments and subscribe for more security updates.