High Threat Security Alert (A24-02-08): Vulnerability in Ivanti Products


 

Published on: 09 February 2024

  
  

Description:

Ivanti has published a security advisory to address a vulnerability in Ivanti systems. Detailed information about the vulnerability can be found at:
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure

Reports indicate that a security restriction bypass vulnerability (CVE-2024-22024) in Ivanti Connect Secure, Policy Secure and ZTA Gateways is at a high risk of exploitation. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Ivanti Connect Secure versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1
  • Ivanti Policy Secure version 22.5R1.1
  • ZTA version 22.6R1.3

 

Impact:

Successful exploitation of the vulnerability could lead to security restriction bypass on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
  • https://www.hkcert.org/security-bulletin/ivanti-products-security-restriction-bypass-vulnerability_20240209
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22024


Tag: Ivanti , Ivanti Connect Secure , Ivanti Policy Secure , ZTA
Tags