High Threat Security Alert (A25-02-11): Multiple Vulnerabilities in Ivanti Products


 

Published on: 12 February 2025

  
  

Description:

Ivanti has released a security advisory to address multiple vulnerabilities in Ivanti products. Detailed information about the vulnerabilities can be found at:
https://www.ivanti.com/blog/february-security-update

Reports indicated that multiple vulnerabilities (CVE-2024-10644, CVE-2024-38657, CVE-2025-22467) in Ivanti Connect Secure and Ivanti Policy Secure are at high risk of exploitation. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Ivanti Connect Secure (ICS) prior to versions 22.7R2.5
  • Ivanti Neurons for MDM (N-MDM) prior to version R108
  • Ivanti Policy Secure (IPS) prior to version 22.7R1.2
  • Ivanti Secure Access Client (ISAC) prior to version 22.7R4

Please note that older unsupported and End-Of-Life (EOL) versions are also vulnerable with no security updates provided. System administrators should arrange to upgrade the unsupported and EOL versions to supported versions or migrate to other supported technology.

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, data manipulation, security restriction bypass or information disclosure on an affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.ivanti.com/blog/february-security-update
  • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-MDM-N-MDM
  • https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10644
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12058
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13813
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13830
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13842 (to CVE-2024-13843)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38657
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22467


Tag: Ivanti , Ivanti Connect Secure , Ivanti Neurons , Ivanti Policy Secure , Ivanti Secure Access Client
Tags