Monday, May 5, 2025
HomeCVE/vulnerabilityThousands Of Internet-Exposed Ivanti VPN Appliances Vulnerable To RCE Attacks

Thousands Of Internet-Exposed Ivanti VPN Appliances Vulnerable To RCE Attacks

Published on

SIEM as a Service

Follow Us on Google News

In a recent cybersecurity revelation, Ivanti, a leading provider of enterprise-grade secure access solutions, has been found to have significant vulnerabilities in its VPN appliances.

The most critical of these, identified as CVE-2024-21894, is a heap overflow vulnerability that could potentially allow remote code execution (RCE) by unauthenticated attackers.

This vulnerability, along with others, poses a severe risk to thousands of internet-exposed Ivanti Connect Secure and Ivanti Policy Secure Gateways.

- Advertisement - Google News

The discovery was detailed in an advisory published on the Ivanti Community forums, which outlines the specifics of the vulnerabilities and the affected products.

Shadowserver said that approximately 16,500 instances of Ivanti Connect Secure appliances are likely vulnerable worldwide, with around 4,600 located within the United States.

This widespread exposure raises significant concerns for organizations relying on Ivanti’s VPN solutions for remote access and secure connectivity.

Remote Code Execution

CVE-2024-21894 is particularly alarming due to its potential for remote code execution, a type of attack that allows an attacker to run arbitrary code on the affected system.

This could enable unauthorized access to sensitive information, disruption of critical services, and further exploitation of network resources.

The advisory also mentions additional vulnerabilities, including CVE-2024-22052 (a null pointer dereference issue), CVE-2024-22053 (another heap overflow vulnerability), and CVE-2024-22023 (an XML entity expansion or XXE vulnerability), each contributing to the overall risk landscape.

Ivanti has acknowledged the severity of these vulnerabilities and is urging customers to apply the provided patches and mitigations immediately.

The company has released updates and detailed guidance on how to secure affected appliances against potential exploitation.

It is crucial for organizations using Ivanti’s VPN solutions to review their security posture and ensure that all necessary measures are in place to protect against these vulnerabilities.

The implications of these vulnerabilities are far-reaching, affecting not only the security of the organizations directly using Ivanti’s products but also the privacy and integrity of the data and systems they safeguard.

In an era where remote access solutions are more critical than ever, the discovery of such vulnerabilities underscores the importance of continuous vigilance and proactive security practices.

As the cybersecurity community continues to monitor and respond to these developments, the situation serves as a reminder of the ever-present challenges in securing complex IT environments.

Organizations are encouraged to stay informed about the latest security advisories and to prioritize the protection of their digital assets against emerging threats.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...