Two critical zero-day vulnerabilities were discovered in Ivanti Connect Secure. Organizations that use the product need to take action as quickly as possible.
Unknown hackers are actively targeting two critical zero-day vulnerabilities. The flaws would allow them to bypass two-factor authentication (2FA) and execute malicious code on a commonly used Ivanti network device, Connect Secure. This isn’t the first time Ivanti has faced such a situation.
CVE-2023-846805 and CVE-2024-21887
Ivanti Connect Secure customers should take immediate action and follow the risk mitigation guidelines. The vulnerabilities are tracked as CVE-2023-846805 and CVE-2024-21887 and affect Ivanti Connect Secure, a widely used VPN device formerly known as Pulse Secure. It’s not the first time the company has had to deal with zero-days being widely exploited.
Researchers at security firm Volexity wrote that the two vulnerabilities combined make executing commands on the system trivial. Like other VPNs, the device grants only authorized devices permission to connect remotely. This “always-on” status makes it an ideal target for attackers looking for vulnerabilities in its code.
So far, the zero-days appear to have been exploited in small numbers, but there is a good chance that this could change, concludes Steven Adair, CEO of Volexity.