A recently patched Ivanti high-severity heap overflow vulnerability, tracked as CVE-2024-21894, could impact nearly 16,500 internet-exposed Ivanti Connect Secure, and Poly Secure VPN gateways.
The maximum number of vulnerable Ivanti endpoints worldwide is at the U.S., with 4,700, followed by Japan, the UK, Germany, and France, according to a Shadowserver search. Significant exposure was also determined in China, the Netherlands, Spain, Canada, and India.
Organizations with vulnerable Ivanti instances have been urged to review the vendor’s knowledge base article and immediate remediate the bug.
Mandiant report detailing extensive attacks by Chinese cyberespionage operations leveraging Ivanti Connect Secure and Policy Secure gateway vulnerabilities, tracked as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, to facilitate the deployment of the SPAWN malware family and other malicious activity.
All of the Ivanti security issues exploited by Chinese hackers, as well as CVE-2024-22024, had already been used in zero-day attacks earlier this year.
