Ivanti On-premise VPN vs. Cloud Based ZTNA: Costs, Risks, and Performance - Seguridad Mania.com - España y América Latina

Recently, Ivanti Connect Secure appliances and the Ivanti Policy Secure devices have faced active exploitation through a series of linked vulnerabilities of high or critical severity. On January 12, 2024, the following CVEs were published in the National Vulnerability Database (NVD): CVE-2023-46805 (high severity authentication bypass vulnerability) and CVE-2024-21887 (critical severity command injection vulnerability). Currently these vulnerabilities impact all supported versions of the Ivanti gateways. More specifically, an exploit chain combining the authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) have been used to enable attackers to execute code remotely without authentication. Subsequently, on January 31, 2024, two additional high severity vulnerabilities were disclosed by Ivanti and published to the NVD (CVE-2024-21888 & CVE-2024-21893), at which time CISA issued an emergency directive to all U.S. federal agencies to mitigate (i.e. disconnect) Ivanti Connect Secure and Ivanti Policy Secure products from their networks no later than 11:59 p.m. on February 2, 2024. This session will talk about the current Ivanti Vulnerabilities, how these impacts both your business and the private sector, and how Versa Networks with our SASE solution can help to mitigate and/or potentially replace the Ivanti solution to strengthen your security architecture starting with our free 90-day trial.