BleepingComputer reports that attacks leveraging a recently patched high-severity heap overflow vulnerability, tracked as CVE-2024-21894, could impact nearly 16,500 internet-exposed Ivanti Connect Secure and Policy Secure VPN gateways.
The U.S. had the largest number of vulnerable Ivanti endpoints worldwide at 4,700, followed by Japan, the UK, Germany, and France, according to a Shadowserver search. Significant exposure was also determined in China, the Netherlands, Spain, Canada, and India.
Organizations with vulnerable Ivanti instances have been urged to review the vendor's knowledge base article and immediately remediate the bug.
Such a development follows a Mandiant report detailing extensive attacks by Chinese cyberespionage operations leveraging Ivanti Connect Secure and Policy Secure gateway vulnerabilities, tracked as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, to facilitate the deployment of the SPAWN malware family and other malicious activity. All of the Ivanti security issues exploited by Chinese hackers, as well as CVE-2024-22024, had already been used in zero-day attacks earlier this year.