Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns

Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation. The news comes days after Ivanti, which releases its patches on a staggered schedule, said the first …

  1. Furious Reg reader John

    Ivanti looking like bumbling idiots

    Portal log in problems all day.

    They deleted the original workaround files but haven't published the new ones. Update - they have just fixed this - https://forums.ivanti.com/s/article/Download-Links-Related-to-CVE-2023-46805-and-CVE-2024-21887

    Haven't released a patched version of the latest train of the OS for the latest product line, so those people on older trains can't upgrade to the latest train now while they are doing the patching.

    Documentation being updated without clear revision histories.

    All very amateurish.

  2. BartyFartsLast Silver badge

    Cue yet another name change?

    Only a cynic would think they changed names so regularly to disassociate from earlier vulns.

    1. WonkoTheSane
      Holmes

      Re: Cue yet another name change?

      Behaviour learned from Hermes / Evri / Whatever next

  3. Nate Amsden

    factory reset only if you are hacked

    Unless you are super paranoid, I guess. Their more in-depth docs are more clear.

    https://forums.ivanti.com/s/article/Recovery-Steps-Related-to-CVE-2023-46805-and-CVE-2024-21887?language=en_US

    "If your ICT scans were clean, you are not affected by this activity."

    Basically if the external integrity check fails then you should factory reset.

    Their new mitigation to work around the SAML thing seems to break SAML entirely (fortunately I don't use that... yet. But Duo is forcing everyone to SAML soon who uses Ivanti Secure, at least those that want the fancy Duo UI integration).

  4. Claptrap314 Silver badge
    Facepalm

    Aieeee!

    A year ago, a VC we were courting hired an amateur-hour pentester to look at our systems. They reported 15 critical vulnerabilities & 50 high. I remarked later that when I found out, I spent a couple of hours to "figure out if I needed to take our servers down or not". My C-level gave me a raised eyebrow over that. "You thought you hired me to keep your systems up? You hired me to protect patient data." And, you know, keep him out of jail.

    For the sysadmins out there with these borked products--I feel some of your pain. Hopefully, shutting the **** thing down is an option.

  5. ldo

    I See Ivanti Support Linux Endpoints

    For those who don’t think that Linux deployments have become routine among corporates—this is a heads-up that it has.

    1. Anonymous Coward

      Re: I See Ivanti Support Linux Endpoints

      Not for desktops. They mostly use WSL under Windows for that to keep legacy midrange devs happy.

      1. ldo

        Re: Not for desktops.

        If they weren’t desktops, they wouldn’t need endpoint management.
