Ivanti CEO Jeff Abbott has promised a renewed focus at the company on product security, after multiple zero days in its SSL VPN appliances were exploited in the wild this year – thousands of customers were breached.
Subsequent product analysis of the Ivanti Pulse Secure product showed that it was built with a sweeping array of unsupported and end-of-life software packages and shipped with massive 973 known vulnerabilities.
This included an 11-year-old, unsupported base operating system.
Among the Ivanti zero days exploited this year were a brace that gave any unauthenticated remote attacker remote code execution and bypassed multi-factor authentication. Mass attacks started on January 11.
