Pierluigi Paganini
April 06, 2024
Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894.
This week the company released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS), including CVE-2024-21894.
The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure that allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to the execution of arbitrary code.
Shadowserver researchers have scanned the Internet for instances vulnerable to CVE-2024-21894 and reported that about 16,500 are still vulnerable.
Most of the vulnerable systems are in the US (4686 at the time of this writing), followed by Japan (2009), and UK (1032).
We are now scanning/reporting Ivanti Connect Secure instances vulnerable to CVE-2024-21894 (heap overflow potentially leading to RCE) & others described in https://t.co/wu0PSvISg4
— The Shadowserver Foundation (@Shadowserver) April 5, 2024
~16 500 likely vulnerable (~4.6K in US): https://t.co/456gKzGMsn
Data in: https://t.co/qxv0Gv5ELc pic.twitter.com/cK0dbr4Nkb
The company said that they are not aware of attacks in the wild exploiting this vulnerability.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, RCE)
