There are rumor swirling that there might be some upcoming Ivanti Connect Secure (ICS) CVEs being released soon.

I feel bad for anybody needing to decipher what Ivanti product versions are vulnerable to what CVE.

The Ivanti advisories use confusing language that is unclear if it's referring to which versions are fixed, and which are affected. The CVE entries don't mention which versions contain the fix. And the release notes...
Can somebody smarter than myself decipher what order the security patches are listed in? It's not by order of CVE ID, and it's not by order of ICS version. Which leaves... ?

If we are indeed about to have an Ivanti fire drill, good luck folks.

@wdormann RUMINT is that Ivanti has exploited zero-days. Leaked on social media and then deleted.

@cR0w @screaminggoat @wdormann Idiocracy is a very fitting reference here

@wdormann what if I told you there isn't a fix and we're just shutting off all impacted appliances?

@bon3s

@wdormann Please send thoughts and prayers, I or one of my colleagues will likely have to make some kind of readable article out of this upcoming mess.

In my opinion, this has to be deliberate, including the deliberate omission of severities from the overview table.

@christopherkunz @wdormann I’ve been in this field professionally for over 17 years, dealing with vulnerability disclosures from both pentesting and CSIRT perspectives during all those years, and I wholeheartedly second that opinion.

@wdormann I'd piss on a spark plug if I thought a patch would do anything

@wdormann https://m.youtube.com/watch?v=5aKkafoi22g