Zero-Day Vulnerability in Ivanti VPN

Clive Robinson •

January 9, 2025 7:18 PM

@ ALL,

Such failings are to be expected as almost a fact of life. The reasons are many and all to often two are,

1, Over complexity.
2, Over featured.

The first is oft the fault of developers with an overly developed “Code Reuse” not “security” mentality.

The second is oft the fault of marketing with an overly developed “must have feature” not “security” mentality.

But… It can also be easily –if incorrectly– argued that those who buy have no sense of “security” in their purchasing choices.

The reality is few have the required level of understanding and as such have better things to do with their time, rather than learn that which has near zero return on the investment in time, effort, and resources needed to gain the understanding.

The reality is even for supposed gurus the air in this are is as thin if not thinner than the rarefied atmosphere atop Mt Everest.

It’s interesting to ask people why they use a VPN. If you say is it for message content security or message traffic security, the answer is unlikely to be either.

Often the major use of VPN’s is about where you appear to be within the perceived geo-location. That is to get around some service filtering, the most obvious being “media licencing” evasion / management.

Thus the fact that the system has been hacked may actually not be as much of a concern to some as might be thought at first consideration. Because either the VPN sits entirely outside of their security perimeter, where the main threat for them is DoS that exists irrespective of the VPN. Or it sits entirely within their security perimeter, where another failing such as a perimeter device has to be exploited first.

As for the other systems effected then yes this for most is more serious. Especially if it can bridge the security perimeter.