April 5, 2024 at 01:47PM
Approximately 16,500 Ivanti Connect Secure and Ivanti Policy Secure gateways exposed on the internet are likely vulnerable to CVE-2024-21894, a high-severity heap overflow that an unauthenticated attacker can trigger with crafted requests to cause a denial of service and potentially achieve remote code execution. Earlier high-severity Ivanti flaws have already been exploited by state-sponsored threat actors and other groups, so administrators should apply the available fixes and mitigations promptly.
Key takeaways from the report:
– Approximately 16,500 Ivanti Connect Secure and Ivanti Policy Secure gateways are exposed on the internet and likely vulnerable to a remote code execution (RCE) flaw tracked as CVE-2024-21894, a high-severity risk.
– The flaw is a heap overflow in the IPSec component of Ivanti Connect Secure 9.x and 22.x (and Ivanti Policy Secure). An unauthenticated attacker who sends specially crafted requests can crash the service (denial of service) and potentially achieve RCE.
– Ivanti has urged administrators to apply the updates as soon as possible because the flaw is exploitable; Shadowserver counted approximately 16,500 internet-exposed instances likely affected.
– Most of the exposed instances are in the United States; the remainder are spread across other countries with significant exposure.
– Earlier high-severity Ivanti vulnerabilities have been exploited by state-sponsored threat actors and multiple hacking groups, with widespread exploitation and the deployment of custom web shells.
Overall, the report highlights the urgency of applying the available mitigations and fixes for CVE-2024-21894, against the backdrop of recent high-profile exploitation of other Ivanti flaws.
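As an added illustration of the bug class named in the second takeaway (a heap overflow reached through an unauthenticated peer's crafted request), and not Ivanti's code or the actual CVE-2024-21894 defect, here is a constructed C parser in vulnerable and hardened form. The message layout (a two-byte big-endian body length followed by the body), the fixed 64-byte heap allocation and the sample packets are all assumptions made for this example.

```c
/* Constructed example: a length-prefixed message parser that trusts a
 * length field from the wire. Not Ivanti's code; the wire format, the
 * BODY_CAP allocation size and the sample packets are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BODY_CAP 64   /* fixed-size heap allocation per message body (assumption) */

enum parse_result {
    PARSE_SHORT     = -1,  /* packet too short to hold a length field */
    PARSE_TRUNCATED = -2,  /* length field claims more bytes than were received */
    PARSE_TOO_LARGE = -3,  /* body would not fit the fixed heap buffer */
    PARSE_OOM       = -4   /* allocation failed */
};
/* On success both parsers return the body length (>= 0). */

typedef int (*parser_fn)(const uint8_t *pkt, size_t pkt_len, uint8_t **body_out);

/* Two-byte big-endian length field at the start of the packet. */
static size_t read_len(const uint8_t *pkt)
{
    return ((size_t)pkt[0] << 8) | pkt[1];
}

/* Vulnerable: the attacker-controlled length is used without validation. */
int parse_body_vulnerable(const uint8_t *pkt, size_t pkt_len, uint8_t **body_out)
{
    if (pkt_len < 2) return PARSE_SHORT;
    size_t body_len = read_len(pkt);
    uint8_t *body = malloc(BODY_CAP);
    if (body == NULL) return PARSE_OOM;
    /* BUG: a body_len above BODY_CAP writes past the heap allocation
     * (heap overflow); a body_len above pkt_len - 2 also reads past the
     * packet. Only run this on hostile input under AddressSanitizer. */
    memcpy(body, pkt + 2, body_len);
    *body_out = body;
    return (int)body_len;
}

/* Hardened: check the claimed length against the bytes actually received
 * and against the destination capacity before any copy takes place. */
int parse_body_hardened(const uint8_t *pkt, size_t pkt_len, uint8_t **body_out)
{
    if (pkt_len < 2) return PARSE_SHORT;
    size_t body_len = read_len(pkt);
    if (body_len > pkt_len - 2) return PARSE_TRUNCATED;
    if (body_len > BODY_CAP)    return PARSE_TOO_LARGE;
    uint8_t *body = malloc(BODY_CAP);
    if (body == NULL) return PARSE_OOM;
    memcpy(body, pkt + 2, body_len);
    *body_out = body;
    return (int)body_len;
}

/* Run a parser on a packet, release the body and return the result code. */
int run_parser(parser_fn parser, const uint8_t *pkt, size_t pkt_len)
{
    uint8_t *body = NULL;
    int r = parser(pkt, pkt_len, &body);
    free(body);   /* free(NULL) is a no-op on the error paths */
    return r;
}

/* Constructed sample packets. benign_pkt: length 4, 4 body bytes.
 * crafted_pkt: length field 0x0100 (256) with only 2 body bytes on the wire. */
static const uint8_t benign_pkt[]  = { 0x00, 0x04, 'I', 'K', 'E', '!' };
static const uint8_t crafted_pkt[] = { 0x01, 0x00, 0xAA, 0xBB };
/* oversize_pkt: length field 128, fully present on the wire but > BODY_CAP. */
static uint8_t oversize_pkt[2 + 128];

size_t build_oversize_pkt(void)
{
    oversize_pkt[0] = 0x00;
    oversize_pkt[1] = 128;
    memset(oversize_pkt + 2, 'A', 128);
    return sizeof oversize_pkt;
}

int main(void)
{
    printf("hardened, benign packet:   %d\n",
           run_parser(parse_body_hardened, benign_pkt, sizeof benign_pkt));
    printf("hardened, crafted packet:  %d\n",
           run_parser(parse_body_hardened, crafted_pkt, sizeof crafted_pkt));
    printf("hardened, oversize packet: %d\n",
           run_parser(parse_body_hardened, oversize_pkt, build_oversize_pkt()));
    /* To watch the vulnerable path fail, build with -fsanitize=address and
     * call run_parser(parse_body_vulnerable, oversize_pkt, build_oversize_pkt()). */
    return 0;
}
```

The hardened parser rejects both malformed shapes (a length that exceeds the bytes received, and a length that exceeds the destination) before touching the heap, which is the check whose absence turns a crafted unauthenticated request into a crash or a write past a heap allocation.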