A recent analysis of public data reveals that hackers are actively exploiting a third vulnerability in Ivanti's widely used enterprise VPN appliance. The identified flaw, CVE-2024-21893, specifically relates to a server-side request forgery flaw and is currently the target of mass exploitation.

Although Ivanti has released patches to address these vulnerabilities, security researchers anticipate continued impact on organisations, given the ongoing exploitation by various hacking groups.

Further investigation into the new server-side flaw indicates that it can be leveraged to circumvent Ivanti's original mitigations implemented for the initial exploit chain involving the first two vulnerabilities. This renders these pre-patch mitigations ineffective.

The responsible party behind the mass exploitation remains unclear.

Previously, Ivanti sounded the alarm on CVE-2023-46805 and CVE-2024-21887. This warning led the US Cybersecurity and Infrastructure Security Agency (CISA) to issue a directive instructing federal agencies to immediately disconnect Ivanti VPN appliances due to the heightened risk of malicious exploitation stemming from multiple software vulnerabilities.