Eliminate VPN vulnerabilities with Cloudflare One

On January 2024 CISA issued an emergency directive after active exploitation of two chained zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances enabled unauthenticated RCE; attackers harvested credentials, deployed web shells, reversed tunneled to C2, and disabled logging. The report summarizes the technical details (CVE-2023-46805 and CVE-2024-21887), the operational impact on networks and legacy VPN architectures, and advocates replacing/augmenting VPNs with Zero Trust SASE controls such as Cloudflare One to reduce blast radius and remove exposure to appliance internals.