+16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

4 weeks ago AndyC

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Pierluigi Paganini
April 06, 2024

Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw.

+16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Pierluigi Paganini
April 06, 2024

Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw.

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894.

This week the company released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS), including CVE-2024-21894.

The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure that allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to the execution of arbitrary code. 

Shadowserver researchers have scanned the Internet for instances vulnerable to CVE-2024-21894 and reported that about 16,500 are still vulnerable.

Most of the vulnerable systems are in the US (4686 at the time of this writing), followed by Japan (2009), and UK (1032).

The company said that they are not aware of attacks in the wild exploiting this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , ,

More Stories

Finland authorities warn of Android malware campaign targeting bank users

Finland authorities warn of Android malware campaign targeting bank users

3 hours ago AndyC
Law enforcement seized Lockbit group's website again

Law enforcement seized Lockbit group’s website again

9 hours ago AndyC
NATO and the EU formally condemned APT28 cyber espionage

NATO and the EU formally condemned APT28 cyber espionage

15 hours ago AndyC
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

21 hours ago AndyC
GenAI Continues to Dominate CIO and CISO Conversations

GenAI Continues to Dominate CIO and CISO Conversations

21 hours ago AndyC
Blackbasta gang Synlab Italia attack

Blackbasta gang Synlab Italia attack

2 days ago AndyC

You may have missed

7 IT leadership hacks that deliver results

7 IT leadership hacks that deliver results

13 mins ago AndyC
6 cloud market forces impacting IT strategies today

6 cloud market forces impacting IT strategies today

14 mins ago AndyC
Egypt launched the first government data center

Egypt launched the first government data center

14 mins ago AndyC
Can AI tools help reduce Zoom fatigue?

Can AI tools help reduce Zoom fatigue?

14 mins ago AndyC
Report Finds CISOs Struggle to Maintain Operational Security

Report Finds CISOs Struggle to Maintain Operational Security

3 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.