"Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability"
"Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability"
Security Researchers at the Shadowserver Foundation have identified thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution. The researchers described the vulnerability, tracked as CVE-2024-21894 (CVSS 8.2), as a heap overflow bug in the IPSec component of Ivanti Connect Secure (formerly Pulse Connect Secure) and Policy Secure that could be exploited by remote, unauthenticated attackers to cause a denial-of-service (DoS) condition or execute arbitrary code.