The Gates Are Open: Why Recent Security Flaws in Enterprise Software Matter
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its “must-patch” list, signaling that hackers are actively weaponizing vulnerabilities in software from SolarWinds, Ivanti, and Hewlett Packard Enterprise (HPE). These additions to the Known Exploited Vulnerabilities (KEV) catalog serve as a definitive red flag for IT departments across the country. When a bug hits this list, it means the theoretical risk has turned into a practical reality. Hackers are already inside someone’s house, and they’re looking for the next unlocked door.
What Happened?
In a series of updates this week, CISA identified three specific vulnerabilities that require immediate attention. The first involves SolarWinds Access Rights Manager (ARM), tracked as CVE-2024-28991. This flaw allows an unauthenticated attacker to read sensitive files on a server, potentially exposing credentials or configuration data.
The second major threat targets Ivanti Connect Secure and Policy Secure gateways (CVE-2024-22024). This is a classic “bypass” vulnerability where an attacker can get around web authentication to access restricted resources without a password. Finally, CISA flagged an older but persistent bug in HPE’s ArubaOS (CVE-2023-22747), which can lead to remote code execution. This means a hacker could theoretically take full control of a device from halfway across the world.
Federal agencies are now under a strict deadline to remediate these issues, typically within three weeks. While the mandate technically only applies to the public sector, the private sector usually follows suit to avoid becoming the low-hanging fruit for ransomware groups and state-sponsored actors.
What’s the Impact?
The danger here isn’t just about one stolen file. These tools are the backbone of corporate and government networks. SolarWinds ARM manages who has permission to see what, while Ivanti provides the secure “tunnel” for remote workers to access internal systems. If these gates are left open, the fallout can be catastrophic.
We have seen this script before. When infrastructure software is compromised, it often leads to lateral movement. An attacker starts with a small foothold through an unpatched Ivanti gateway and eventually navigates through the network to deploy ransomware or siphon off intellectual property. Because these specific flaws are now being used in the wild, the “dwell time”—the period a hacker sits undetected in a system—could already be ticking for organizations that haven’t updated their software.
How to Avoid This
Staying safe isn’t about buying the most expensive new tool. It’s about the basics of digital hygiene.
- Audit Your Assets: You cannot protect what you don’t know you have. Run a scan to see if any instances of SolarWinds ARM or Ivanti gateways are exposed to the public internet.
- Prioritize the KEV Catalog: Don’t get overwhelmed by the thousands of new vulnerabilities reported every month. Use CISA’s KEV list as your primary to-do list because it focuses on what hackers are actually using right now.
- Move Toward Zero Trust: Shift away from relying solely on “perimeter” security. Even if a gateway like Ivanti is breached, strong internal controls and multi-factor authentication can stop an attacker from moving further into your data.
- Automate Updates Where Possible: For critical infrastructure, manual patching is often too slow. Set up alerts for these specific vendors so your team can move the moment a security advisory is published.
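As an added example (not from CISA or any vendor named above), the "Audit Your Assets" and "Prioritize the KEV Catalog" steps can be combined into one small script that cross-references a KEV feed with an asset inventory and orders the result by exposure and deadline. The inventory, host names, field names on the inventory side, and all dates are constructed placeholders; the feed field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`) follow CISA's published KEV JSON layout.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. CVE IDs and vendor
# names come from the article; product strings and every date are placeholders.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-28991", "vendorProject": "SolarWinds",
     "product": "Access Rights Manager (ARM)",
     "dateAdded": "2000-01-03", "dueDate": "2000-01-24"},
    {"cveID": "CVE-2024-22024", "vendorProject": "Ivanti",
     "product": "Connect Secure and Policy Secure",
     "dateAdded": "2000-01-04", "dueDate": "2000-01-25"},
    {"cveID": "CVE-2023-22747", "vendorProject": "Hewlett Packard Enterprise (HPE)",
     "product": "ArubaOS",
     "dateAdded": "2000-01-05", "dueDate": "2000-01-26"},
]})

# Hypothetical asset inventory: what the audit step found and where it sits.
INVENTORY = [
    {"host": "vpn-edge-01", "vendor": "ivanti",
     "product": "connect secure", "internet_facing": True},
    {"host": "arm-srv-02", "vendor": "solarwinds",
     "product": "access rights manager", "internet_facing": False},
    {"host": "files-03", "vendor": "examplecorp",
     "product": "nas", "internet_facing": False},
]

def kev_worklist(kev_json, inventory, today):
    """Return KEV entries that match the inventory, most urgent first."""
    work = []
    for vuln in json.loads(kev_json)["vulnerabilities"]:
        vendor, product = vuln["vendorProject"].lower(), vuln["product"].lower()
        for asset in inventory:
            # Substring match is deliberately loose: names differ between the
            # feed and a CMDB, and a false positive costs less than a miss.
            if asset["vendor"] in vendor and asset["product"] in product:
                due = date.fromisoformat(vuln["dueDate"])
                work.append({"host": asset["host"], "cve": vuln["cveID"],
                             "due": due, "days_left": (due - today).days,
                             "internet_facing": asset["internet_facing"]})
    # Internet-facing systems first, then the earliest remediation deadline.
    return sorted(work, key=lambda w: (not w["internet_facing"], w["due"]))

if __name__ == "__main__":
    for item in kev_worklist(KEV_SAMPLE, INVENTORY, date(2000, 1, 20)):
        left = item["days_left"]
        status = "OVERDUE" if left < 0 else f"{left}d left"
        print(f"{item['host']:12} {item['cve']:15} {status}")
```

A negative `days_left` means the remediation deadline has already passed for that host, which is the point at which the dwell-time concern described earlier applies.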