Ivanti 0-Day RCE

Ivanti has released an update that addresses one critical and one high-severity vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways.

Before installing updates, the vendor recommends performing a factory reset.

We’ve seen this exploit affecting some high-profile companies.

https://www.ncsc.gov.uk/news/active-exploitation-ivanti-vulnerabilities

It seems every other week Ivanti discloses a 0-day… :\

Let me guess: SSL VPN. Again.

The good news is that there are a rapidly growing number of Wireguard-using ZTNA providers. So, we should be seeing the bugs in Wireguard soon.™

This one has had some high-profile companies breached; it just hasn’t been announced yet due to ongoing investigations.

Which kind of happens to everyone, e.g. Microsoft. The difference is, these products are marketed specifically as security products and frankly do one thing only. It should be easier to get right, and they should have a marketing drive to do better.

How do they still have customers at this point? Like, I get that every vendor has their 0-day disclosures, and SSL-VPN in particular has been hit hard, but it seems Ivanti/Pulse/Whatever is disclosing CVSS-10s every quarter on their VPN product.

You won’t be seeing memory corruption bugs in Wireguard; all known implementations are in a memory-safe language.

Well, Nominet was breached in this one; this will probably get removed too.

At this point it seems like just doing NAT port forwards of all your internal infra is just as secure as putting an Ivanti VPN appliance on your edge.

And has wireguard figured out a sane way to do end user authentication yet?

No, and it’s unlikely they will.

Non-amateurs that want to do it right use Tailscale or Netbird or similar.