Last week, Volexity published a blog describing two vulnerabilities in Ivanti’s Connect “Secure” VPN [1]. These vulnerabilities have been exploited in limited, targeted attacks. At this point, Ivanti released a configuration workaround but no patch for this vulnerability. The configuration can be applied in the form of an encrypted XML file.
Article Link: https://isc.sans.edu/diary/rss/30562