Security Alert (A24-12-08): Multiple Vulnerabilities in Ivanti Products


 

Published on: 11 December 2024

  
  

Description:

Ivanti has released security advisories to address multiple vulnerabilities in Ivanti products. Detailed information about the vulnerabilities can be found at:
https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs

 

Affected Systems:

  • Ivanti Connect Secure versions prior to 22.7R2.4
  • Ivanti Policy Secure versions prior to 22.7R1.2

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege or security restriction bypass on an affected system.

 

Recommendation:

Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
  • https://www.hkcert.org/security-bulletin/ivanti-products-multiple-vulnerabilities_20241211
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9844
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11633 (to CVE-2024-11634)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37377
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37401


Tag: Ivanti , Ivanti Connect Secure , Ivanti Policy Secure
Tags