Security experts have discovered a critical RCE flaw, designated as CVE-2024-21894, impacting an estimated 16,500 Ivanti Connect Secure and Poly Secure gateways.

The vulnerability enables attackers to crash the service and possibly execute arbitrary code on the affected systems.

Patches have been released to rectify this flaw along with three additional security issues.

The majority of the vulnerable systems were found in the US, with Japan and the UK also having significant numbers.

There have been no reported incidents of the vulnerability being exploited in attacks to date.