Given the operating system and libraries that Ivanti Pulse Secure uses, it is no surprise that hackers continue to find new zero-day vulnerabilities to exploit.
That is the conclusion of Eclypsium security analysts, who analyzed firmware version 9.1.18.2-24467.1 and found that the underlying operating system is CentOS 6.4.
“Pulse Secure runs an 11-year-old version of Linux that has not been supported since November 2020,” it said in the follow-up report.
Thousands of vulnerable endpoints
What's more, Eclypsium discovered multiple libraries that, between them, are affected by 973 flaws. Of those, 111 have publicly known exploits. “This is a perfect example of why visibility into digital supply chains is important and why enterprise customers are increasingly demanding SBOM from their suppliers,” the researchers concluded.
There's more: Researchers found more than 1,200 problems in 76 shell scripts, more than 5,000 flaws in 5,392 Python files, and 133 obsolete certificates.
Finally, Eclypsium said it also discovered a problem in the logic of the Integrity Checker Tool (ICT), which the company recommends as a reference tool when looking for indicators of compromise. Because the tool excludes more than a dozen important directories, hackers could easily pass the integrity check and remain on the endpoint.
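To make the exclusion problem concrete, here is an added example (not Eclypsium's or Ivanti's code) of an integrity check that skips an exclusion list, next to a coverage audit that reports every file the check never hashes. The directory names, file names and the EXCLUDED list are constructed for illustration; the page does not name the directories the real tool skips.

```python
import hashlib
import os
import tempfile

# Constructed exclusion list; the real tool's excluded directories are not named on the page.
EXCLUDED = {"tmp", "data"}

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk(root, excluded=frozenset()):
    """Yield relative file paths under root, skipping excluded top-level directories."""
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if rel_dir == ".":
            dirnames[:] = [d for d in dirnames if d not in excluded]
        for name in filenames:
            yield os.path.normpath(os.path.join(rel_dir, name))

def manifest(root, excluded=frozenset()):
    return {p: sha256(os.path.join(root, p)) for p in walk(root, excluded)}

def integrity_check(root, baseline, excluded):
    """Return paths that are new, missing or changed relative to the baseline."""
    current = manifest(root, excluded)
    paths = current.keys() | baseline.keys()
    return sorted(p for p in paths if current.get(p) != baseline.get(p))

def coverage_gap(root, excluded):
    """Return every file the checker never hashes because of the exclusion list."""
    return sorted(set(walk(root)) - set(walk(root, excluded)))

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/app", "tmp/cache", "data/run.cfg"):  # constructed sample tree
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write("original")
        baseline = manifest(root, EXCLUDED)
        # A file appears in an excluded directory after the baseline was taken.
        with open(os.path.join(root, "data", "added.bin"), "w") as f:
            f.write("unexpected")
        return integrity_check(root, baseline, EXCLUDED), coverage_gap(root, EXCLUDED)

if __name__ == "__main__":
    findings, unchecked = demo()
    print("integrity findings:", findings)
    print("never hashed:", unchecked)
```

A clean result from such a check only covers the paths it actually hashed, so the coverage list is what needs a separate review or a second, independent baseline.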
A separate report from BleepingComputer claims that thousands of Ivanti's Connect Secure and Policy Secure endpoints remain vulnerable to the flaws found earlier this year. Although patches have already been released, hackers are exploiting outdated endpoints through CVE-2024-22024, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, and CVE-2024-21888.
Cybersecurity researcher Yutaka Sejiyama scanned the Internet using Shodan and discovered that, at the time of writing, more than 13,600 Ivanti servers were still vulnerable to the aforementioned flaws.
As media previously reported, some of the vulnerabilities were abused by state-sponsored threat actors and used in espionage campaigns.
Via Hacker News