Over 13,000 Ivanti VPN appliances have not been patched for multiple known vulnerabilities and remain exposed to the public internet. 

That’s according to fresh analysis by security researcher Yutaka Sejiyama, who assessed public exposure to critical Ivanti vulnerabilities CVE-2024-21893, CVE-2024-21888, CVE-2023-46805, CVE-2024-21887

(To understand the string of vulnerabilities, mitigations, subsequent mitigation bypasses et al, Rapid7’s analysis here is a good starting point.)

Credit: Yutaka Sejiyama

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in