When will the company finally be able to overcome the black band and make its decisions safer?
More than 16,500 of Ivanti's Internet-accessible Connect Secure and Policy Secure gateways are at risk due to a high-level vulnerability that allows remote code execution (RCE) and denial-of-service (DoS) attacks.
The vulnerability, identified as CVE-2024-21894, was detected in the IPsec component of Ivanti Connect Secure systems versions 9. x and 22. x. This flaw can lead to the attacks described above by sending specially generated requests by unauthorized users.
The incident was revealed on April 3, 2024, after which the Shodan search engine registered 29,000 devices on the network, and the Shadowserver threat monitoring service reported about 18,000 potentially vulnerable instances.
Ivanti strongly recommended that system administrators apply updates as soon as possible, despite the lack of signs of active use of the vulnerability among customers at that time.
Subsequent checks by Shadowserver showed that about 16,500 devices are indeed vulnerable. Most of them are located in the United States (4,700), followed by Japan (2,000), the United Kingdom (1,000), Germany (900), France (900), and other countries.
Vulnerabilities in Ivanti products often become an entry point for organizations around the world. Earlier this year, it was reported that government hackers exploited several vulnerabilities in Ivanti products to inject malware before the manufacturer became aware of the problems.
The Mandiant report, published shortly after the vulnerability was identified, details cases of malicious exploitation focused on attacks by Chinese hackers using the SPAWN malware family.
System administrators who have not yet applied the available security features and fixes for CVE-2024-21894 are strongly advised to follow the manufacturer's instructions.
More than 16,500 of Ivanti's Internet-accessible Connect Secure and Policy Secure gateways are at risk due to a high-level vulnerability that allows remote code execution (RCE) and denial-of-service (DoS) attacks.
The vulnerability, identified as CVE-2024-21894, was detected in the IPsec component of Ivanti Connect Secure systems versions 9. x and 22. x. This flaw can lead to the attacks described above by sending specially generated requests by unauthorized users.
The incident was revealed on April 3, 2024, after which the Shodan search engine registered 29,000 devices on the network, and the Shadowserver threat monitoring service reported about 18,000 potentially vulnerable instances.
Ivanti strongly recommended that system administrators apply updates as soon as possible, despite the lack of signs of active use of the vulnerability among customers at that time.
Subsequent checks by Shadowserver showed that about 16,500 devices are indeed vulnerable. Most of them are located in the United States (4,700), followed by Japan (2,000), the United Kingdom (1,000), Germany (900), France (900), and other countries.
Vulnerabilities in Ivanti products often become an entry point for organizations around the world. Earlier this year, it was reported that government hackers exploited several vulnerabilities in Ivanti products to inject malware before the manufacturer became aware of the problems.
The Mandiant report, published shortly after the vulnerability was identified, details cases of malicious exploitation focused on attacks by Chinese hackers using the SPAWN malware family.
System administrators who have not yet applied the available security features and fixes for CVE-2024-21894 are strongly advised to follow the manufacturer's instructions.
