Ivanti Discloses Two Critical Vulnerabilities: Comment from Satnam Narang, Senior Staff Research Engineer, Tenable
“The lack of a patch for these Ivanti vulnerabilities (CVE-2023-46805 and CVE-2024-21887) is a great concern. The anticipated wait time for a patch is several weeks – some product users will have to wait until February for a patch. As soon as a proof of concept is available for this exploit chain, we expect malicious activity to spike, especially based on historical activity targeting these products. Mitigations are available, but there’s no “easy button” as it’s all on the end user to know about the existence of these vulnerabilities and know how to apply the mitigations. Impacted organizations need to apply these as soon as possible.” – Satnam Narang, Senior Staff Research Engineer, Tenable