Ivanti RCE vulnerability impacts exposed VPN gateways
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Over 16,000 internet-exposed Ivanti Connect Secure and Policy Secure gateways are likely vulnerable to a remote code execution (RCE) flaw that was recently disclosed by the vendor. The vulnerability, tracked as CVE-2024-21894 (CVSSv3.1 score: 8.2), is a heap overflow in the IPSec component of Ivanti Connect Secure that could allow threat actors to cause a denial-of-service (DoS) condition or achieve RCE by sending specially crafted requests.
Impact
There is a realistic possibility that successful exploitation of CVE-2024-21894 would allow an unauthenticated threat actor to send specially crafted requests that cause a DoS condition and, under certain conditions, execute arbitrary code.
Vulnerability Detection
Ivanti has released a security update that addresses the vulnerability in the affected product versions. Versions that predate the update remain vulnerable to potential exploitation.
Affected Products
Ivanti Connect Secure 9.x and 22.x.
Containment, Mitigations & Remediations
It is strongly recommended that the latest Ivanti Connect Secure security patch is applied as soon as possible.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Ivanti holds a significant share of the mobile-device-management market. Given that threat actors generally weigh a combination of probability and asset value when deciding which attack surfaces to focus on, related products will likely emerge as a prime target. Because Ivanti products have become integral to business operations, threat actors will continue to exploit the associated vulnerabilities in an attempt to exfiltrate the sensitive data they hold.
Threat Actor
Although exploitation of CVE-2024-21894 is yet to be attributed to a specific threat actor, it should be noted that state-sponsored cyber units leveraged multiple Ivanti flaws (CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893) earlier this year.
MITRE Methodologies
MITRE Tactic
TA0002 – Execution