Ivanti Pulse Secure used decade-old Linux and outdated libraries; no wonder it was such a popular target for hackers
Now that we know which operating system and libraries Ivanti Pulse Secure uses, it’s no wonder hackers keep finding new zero-day vulnerabilities to exploit.
That’s the conclusion from Eclypsium security analysts, who analyzed firmware version 9.1.18.2-24467.1 and concluded that the operating system used was CentOS 6.4.
“Pulse Secure runs an 11-year-old version of Linux that has been unsupported since November 2020,” the follow-up report said.
Thousands of vulnerable endpoints
Additionally, Eclypsium discovered multiple libraries that, between them, are affected by 973 flaws. Of those, 111 have publicly known exploits. “This is a perfect example of why visibility in digital supply chains is important and why enterprise customers are increasingly demanding SBOMs from their suppliers,” the researchers concluded.
There’s more: Researchers found more than 1,200 issues in 76 shell scripts, more than 5,000 errors in 5,392 Python files, and 133 outdated certificates.
Finally, Eclypsium also discovered a problem in the logic of the Integrity Checker Tool (ICT), which Ivanti recommends as the go-to tool when looking for indicators of compromise. Since the tool excludes more than a dozen important folders, hackers can easily pass the integrity check and remain on the endpoint.
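The blind spot described above, as an added example that is not taken from Eclypsium's report or from Ivanti's tool: a baseline hash comparison that accepts an exclusion list and also reports every path it skipped. The directory names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def is_excluded(rel, excluded):
    return any(rel == d or rel.startswith(d + "/") for d in excluded)

def check(root, baseline, excluded=()):
    """Return (findings, skipped): findings maps path -> added/modified/missing;
    skipped lists paths the exclusion list kept out of the comparison."""
    current = snapshot(root)
    findings, skipped = {}, []
    for rel in sorted(set(current) | set(baseline)):
        if is_excluded(rel, excluded):
            skipped.append(rel)
        elif rel not in baseline:
            findings[rel] = "added"
        elif rel not in current:
            findings[rel] = "missing"
        elif current[rel] != baseline[rel]:
            findings[rel] = "modified"
    return findings, skipped

def write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed tree and names: a file appears under a skipped directory."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/daemon", b"vendor binary")
        write(root, "data/runtime/state.db", b"state")
        baseline = snapshot(root)
        write(root, "data/runtime/extra.bin", b"not in the vendor image")
        # First result: check with the exclusion list; second: full coverage.
        return check(root, baseline, excluded=["data/runtime"]), check(root, baseline)
```

With the exclusion in place the check returns no findings, and only the skipped list shows that two files were never examined; the full-coverage run flags the added file.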
A separate report from BleepingComputer claims that thousands of Ivanti’s Connect Secure and Policy Secure endpoints remain vulnerable to the flaws discovered earlier this year. Although patches have already been released, hackers are exploiting outdated endpoints through CVE-2024-22024, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, and CVE-2024-21888.
Cybersecurity researcher Yutaka Sejiyama scanned the internet via Shodan and found that, at press time, more than 13,600 Ivanti servers were still vulnerable to the aforementioned flaws.
Some of the vulnerabilities, as media previously reported, were exploited by state-sponsored threat actors and used in espionage campaigns.
Via The Hacker News