In Belgium 80 Ivanti gateways are vulnerable to hacker attacks, in the Netherlands 97 are online. There are more than 13,000 gateways worldwide that hackers can use

Anyone who uses an Ivanti gateway in their company today has hopefully been awake and vigilant for a long time. After multiple zero-day leaks and other critical vulnerabilities within two months, hackers are now easily attacking vulnerable devices that have not yet been patched.

The following vulnerabilities are affected: CVE-2024-22024, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893 and CVE-2024-21888. Ivanti has had a patch available for some time, but the recent new critical leak gives hackers another opportunity. More than 13,000 devices active online today are being targeted by hackers.

According to Akamai, the latest leak is being actively exploited. On February 11, the day the breach was announced, more than 240,000 requests and attempted payloads were registered on 80 IP addresses.

Shadowserver reports on X that many Ivanti gateways that are vulnerable can still be found online.

There are 80 gateways in Belgium and 97 online in the Netherlands. In our neighboring countries, Great Britain in particular is the worst online with 287 gateways, followed by Germany (186), France (149) and Luxembourg (8). The global map with all details can be found here.

Too many zero days

A zero day has been actively exploited in the Ivanti Connect Secure VPN client since mid-January. As of the end of January, of the 26,000 devices visible online, 492 VPN devices had been hacked. Germany, Italy and the Netherlands make up the top three in Europe. Ivanti has already been criticized for missing the January 22 deadline to release a patch.

At the beginning of February, Murphy surprised Ivanti with two new zero days in Connect Secure. This news coincided with the availability of new patches to eliminate the previous zero days. Ivanti says the January 31 patch would also provide sufficient protection against the new zero-days and urges users to take immediate action. Until customers have applied the patches, the Connect Secure VPN service offers anything but secure connectivity.