Cybersecurity&Zscaler ThreatLabz：2024年VPN风险报告（英文版）

Recent high-profile exploits of VPN appliances have highlighted critical vulnerabilities (notably CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) affecting essential sectors, including US defense. These vulnerabilities enable attackers to bypass authentication, execute commands with elevated privileges, and maintain persistence after device resets. In response, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to federal agencies to immediately disc