Zscaler | Ivanti blog

Ivanti VPN Vulnerability

Recently, the US Cybersecurity Agency (CISA) issued an Emergency Directive (ED 24-01) regarding the widespread exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure solutions.

These zero-day vulnerabilities allowed a remote attacker to bypass authentication and perform remote command injection, as well as abuse escalation of privileges and server-side request forgery.

The Ivanti incident highlights the crucial need for a zero trust architecture. Evolving exploits and using patches alone are not enough. Improve your security posture by implementing a Zero Trust architecture.

For more information, read this blog published by the Zscaler ThreatLabz team.

https://www.zscaler.com/blogs/security-research/threatlabz-coverage-advisory-ivanti-s-vpn-vulnerabilities-exploited-hackers