News: 0175858759


Hackers Are Exploiting a New Ivanti VPN Security Bug To Hack Into Company Networks (techcrunch.com)

(Thursday January 09, 2025 @11:45AM (msmash) from the security-woes dept.)


U.S. software giant Ivanti has [1]warned that a zero-day vulnerability in its widely-used enterprise VPN appliance has been exploited to compromise the networks of its corporate customers. From a report:

> Ivanti said on Wednesday that the critical-rated vulnerability, tracked as CVE-2025-0282, can be exploited without any authentication to remotely plant malicious code on Ivanti's Connect Secure, Policy Secure, and ZTA Gateways products. Ivanti says its Connect Secure remote-access VPN solution is "the most widely adopted SSL VPN by organizations of every size, across every major industry."

>

> This is the latest exploited security vulnerability to target Ivanti's products in recent years. Last year, the technology maker pledged to overhaul its security processes after hackers targeted vulnerabilities in several of its products to launch mass-hacks against its customers. The company said it became aware of the latest vulnerability after its Ivanti Integrity Checker Tool (ICT) flagged malicious activity on some customer appliances.



[1] https://techcrunch.com/2025/01/09/hackers-are-exploiting-a-new-ivanti-vpn-security-bug-to-hack-into-company-networks/



Correction (Score:3)

by Gravis Zero ( 934156 )

> Last year, [Ivanti] pledged to overhaul its security processes after hackers targeted vulnerabilities in several of its products to launch mass-hacks against its customers.

Last year, Ivanti lied to its customers about securing their products.

In terms of scale and complexity (Score:4, Interesting)

by DarkOx ( 621550 )

In terms of scale and complexity - TLS VPN gateways are not exactly the peak of enterprise IT product engineering.

Yet it seems like there is an RCE or authentication bypass in one of the majors at least once a year. It is hard not to go all tinfoil hat and think it is intentional.

Re: (Score:3)

by DarkOx ( 621550 )

It is a corporate VPN solution; it isn't even in the same general market space as any of the things you mentioned.

This is for connecting to your network remotely (Score:2)

by _merlin ( 160982 )

This is a device you put on your network so you can establish a VPN connection to your network from elsewhere on the Internet. This allows you to access servers not exposed to the Internet directly, etc. These things are more important than ever with remote work (supposedly) being all the rage.

The services you listed are VPNs for obscuring your IP address when accessing services on the Internet. That isn't even close to the same thing.

You could at least list other products in the same space, e.g. Cisco A

Buffer overflows in 2025? (Score:2)

by Pinky's Brain ( 1158667 )

I thought code analysis had fixed all buffer overflows by now?

If your company still uses Ivanti VPN products (Score:1)

by Xyrx ( 109960 )

and are not in the process of moving away from them, you need to leave and find another job. Our organization has lost all trust in Ivanti after the shitshow last year with their VPN and other products as well. Ivanti is an example of what happens when the big fish gobbles up the little fish, and continues selling the same product without maintaining/updating the code.
