Ivanti 13,000 unpatched Ivanti appliances exposed as attacks escalate, firmware analysis shocks users. “Security” product shipped with a 13-year-old, unsupported base OS and software libraries with 973 vulnerabilities; 111 of which have publicly known exploits available. Catherine Sarisky Feb 16, 2024 - 2 min read Over 13,000 Ivanti VPN appliances have not been patched for multiple known vulnerabilities and remain exposed to the public internet. That’s according to fresh analysis by security researcher Yutaka Sejiyama, who assessed public exposure to critical Ivanti vulnerabilities CVE-2024-21893, CVE-2024-21888, CVE-2023-46805, CVE-2024-21887. (To understand the string of vulnerabilities, mitigations, subsequent mitigation bypasses et al, Rapid7’s analysis here is a good starting point.)Credit: Yutaka Sejiyama This post is for subscribers only Subscribe now and have access to all our stories, enjoy exclusive content and stay up to date with constant updates. Subscribe now Already a member? Sign in
