Back to Markets
ZERO-DAYRESOLVEDIvantizero-dayVPNnation-stateCVE-2024-21887auto-generated

Will Ivanti Connect Secure zero-day vulnerabilities be actively exploited before a full patch is available?

RESOLVEDYESJan 19, 2024

Volexity confirmed active exploitation of CVE-2023-46805 and CVE-2024-21887 as of January 10, 2024. CISA issued Emergency Directive 24-01 requiring federal agencies to disconnect affected devices. Over 2,100 devices were compromised globally before patches were available.

Evidence: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
65%
YES
35%
NO
0 predictions
YES
NO
70%60%50%40%30%
30d25d20d15d10d5dnow

Market Overview

AI GENERATED

Ivanti disclosed two zero-day vulnerabilities in Connect Secure VPN (CVE-2023-46805 authentication bypass and CVE-2024-21887 command injection) in January 2024. Volexity detected exploitation by a suspected Chinese nation-state actor targeting government and technology organizations globally.

Primary Source

Resolution Criteria

Credible security researchers or government agencies confirm active in-the-wild exploitation of Ivanti Connect Secure zero-days before Ivanti releases a complete patch. Confirmable via Volexity, Mandiant, CISA advisory, or Ivanti official statement.

Market Info

ClosesMarch 1, 2024
CreatedJan 11, 2024
CategoryZero-Day
Created by@ThreatOdds
Creator accuracy0%
ResolutionCommunity vote + moderator
StatusLIVE

MARKET STATS

Total Predictions0
ClosesMarch 1, 2024
ResolutionCommunity + Moderator
CategoryZero-Day
Beta Feedback