back to article Ivanti devices hit by wave of exploits for latest security hole

Various miscreants are attempting to exploit the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 that can be used to hijack equipment. That's according to threat hunters tracking the string of CVE-listed security holes plaguing the VPN gateways in recent weeks. Ivanti on …

  1. HuBo
    Alert

    Trusted by over 40,000 customers worldwide

    According to their website, the Ivanti Connect Secure Remote Access VPN provides proven secure corporate access, and is:

    "The most widely deployed SSL VPN for organizations of any size across every major industry."

    I sure hope they fix those "server-side request forgery", "authentication bypass", and "common injection" flaws, pronto!

  2. DJV Silver badge

    Maybe a change of name is required

    How about Ivanti Connect Insecure and Ivanti Policy Insecure?

  3. Doogie Howser MD

    Nice work PAN

    Bit rich of Palo Alto to launch a promotion to get Ivanti users onto their platform when they have a problem with CVEs themselves. Rank behaviour.

  4. Morten Bjoernsvik

    Juniper -> Pulse -> Ivanti

    Wonder how many left from the original Juniper crew are left. None I believe

    1. Anonymous Coward
      Anonymous Coward

      Re: Juniper -> Pulse -> Ivanti

      Juniper asquired the product with their Netscreen purchase, and Netscreen bought it via their purchase of Neoteris who wrote it oritinally.

      And if you hammer one hard enough, you can get it to spit out some ancient, and unchanged, neoteris info...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like