Global cybersecurity agencies issue urgent warning regarding active exploitation of Ivanti Connect Secure vulnerabilities

A coalition of global cybersecurity agencies, led by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has issued an urgent advisory regarding the active exploitation of critical vulnerabilities within Ivanti Connect Secure VPN appliances. The security flaws, identified as CVE-2023-46805 and CVE-2024-21887, are currently being leveraged by sophisticated threat actors to bypass authentication and execute unauthorized commands on compromised systems. Given the widespread use of these appliances across government and private sector infrastructure, officials are urging organizations to treat this situation with the highest level of priority.

The exploitation chain allows attackers to perform reconnaissance, move laterally through internal networks, and establish persistent access by bypassing standard multi-factor authentication protocols. Security researchers have observed a rapid increase in automated scanning and targeted attacks aimed at unpatched appliances. Because the vulnerable appliances sit at the edge of corporate networks, they serve as primary entry points for attackers seeking to deploy ransomware or engage in data exfiltration activities.

In response, Ivanti has released mitigation steps and is working to roll out permanent security patches for all affected versions. Agencies are strongly advising administrators to audit their environments for signs of compromise, specifically looking for anomalous log entries and unexpected file modifications. Organizations that fail to apply the recommended patches or mitigation measures immediately remain at significant risk of total system takeover. Industry experts continue to monitor the situation as the threat landscape evolves in real time.
