Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Among Other Products
Ivanti yesterday raised the alarm for a pair of remotely exploitable vulnerabilities in its enterprise-facing products and warned that one of the bugs has already been exploited in the wild.
Ivanti has released an update that addresses one critical and one high vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution. CVE-2025-0283 could allow a local authenticated attacker to escalate privileges.
Martin Jartelius, CISO at Outpost24, commented:
“Last time we had an Ivanti zero-day exploitation, the attackers shifted to their active/destructive phase as the patch became available. So, anyone impacted should firstly patch at once, and secondly review their readiness in incident response and keep extra eyes on their monitoring for the near future. Many still remember the Akira breach against Tietoevry in Sweden and its cascading impact on organizations and government agencies as the impacted organization was a service provider.”
Ivanti yet again makes the news for all the wrong reasons, which means that if you have any Ivanti products in your environment, you need to drop what you’re doing and patch all the things.
This entry was posted on January 9, 2025 at 2:21 pm and is filed under Commentary with tags Ivanti.