A group of hackers that may be working for the Chinese Government has exploited two serious vulnerabilities in Ivanti VPN devices to infect networks worldwide. The vulnerabilities allow attackers to bypass two-factor authentication and execute malicious code on systems running Ivanti Connect Secure, a widely used VPN appliance.
According to the security company Censys, at least 492 Ivanti VPN devices are infected, out of a total of 26,000 that are exposed to the Internet. The company states that more than a quarter of the compromised devices are located in the United States.
Ivanti has not yet released patches for these vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887. The company has published a mitigation and recovery guide that affected users are advised to follow. The United States Cybersecurity and Infrastructure Security Agency has issued a directive requiring all civilian government agencies to take corrective action to prevent exploitation of these vulnerabilities.
Using these vulnerabilities, attackers can steal data, modify files, download files from remote hosts, and create reverse tunnels from the VPN devices, as detailed by Censys. They can also capture the credentials of users who connect to the VPN.