Will Ivanti Connect Secure zero-day vulnerabilities be actively exploited before a full patch is available?
Volexity confirmed active exploitation of CVE-2023-46805 and CVE-2024-21887 as of January 10, 2024. CISA issued Emergency Directive 24-01 requiring federal agencies to disconnect affected devices. Over 2,100 devices were compromised globally before patches were available.
Evidence: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060bMarket Overview
AI GENERATEDIvanti disclosed two zero-day vulnerabilities in Connect Secure VPN (CVE-2023-46805 authentication bypass and CVE-2024-21887 command injection) in January 2024. Volexity detected exploitation by a suspected Chinese nation-state actor targeting government and technology organizations globally.
Primary SourceResolution Criteria
Credible security researchers or government agencies confirm active in-the-wild exploitation of Ivanti Connect Secure zero-days before Ivanti releases a complete patch. Confirmable via Volexity, Mandiant, CISA advisory, or Ivanti official statement.