Teacher
Professional
- Messages
- 2,669
- Reaction score
- 819
- Points
- 113
While fixing old vulnerabilities, the company discovered a new and equally important bug.
Ivanti has warned customers about a new authentication bypass vulnerability affecting the Connect Secure (ICS), Policy Secure (IPS) and ZTA gateways, urging administrators to immediately protect their devices.
The company's official report states that the vulnerability CVE-2024-22024 (CVSS score: 8.3) is related to the XXE (XML eXternal Entities) bug in the SAML component of gateways, which allows a remote, un-authenticated hacker to access limited resources on uncorrected devices during low-complexity attacks, without requiring user interaction or authentication.
The vulnerability was identified during an internal review conducted by the company as part of an ongoing investigation into multiple product flaws discovered since the beginning of the year. At the end of January, Ivanti released a number of fixes for vulnerable gateways Connect Secure (ICS) and Policy Secure (IPS). However, in parallel, the company discovered two new zero-day vulnerabilities, one of which is actively exploited.
The CVE-2024-22024 vulnerability affects the following product versions:
The company has already released updates to fix the flaw:
Ivanti emphasizes that at the moment there is no data on the active use of the vulnerability, however, given the widespread use of vulnerabilities patched in early February, the company strongly recommends that users apply the latest fixes as soon as possible.
Ivanti has warned customers about a new authentication bypass vulnerability affecting the Connect Secure (ICS), Policy Secure (IPS) and ZTA gateways, urging administrators to immediately protect their devices.
The company's official report states that the vulnerability CVE-2024-22024 (CVSS score: 8.3) is related to the XXE (XML eXternal Entities) bug in the SAML component of gateways, which allows a remote, un-authenticated hacker to access limited resources on uncorrected devices during low-complexity attacks, without requiring user interaction or authentication.
The vulnerability was identified during an internal review conducted by the company as part of an ongoing investigation into multiple product flaws discovered since the beginning of the year. At the end of January, Ivanti released a number of fixes for vulnerable gateways Connect Secure (ICS) and Policy Secure (IPS). However, in parallel, the company discovered two new zero-day vulnerabilities, one of which is actively exploited.
The CVE-2024-22024 vulnerability affects the following product versions:
- Ivanti Connect Secure (versions 9. 1R14. 4, 9. 1R17. 2, 9. 1R18. 3, 22. 4R2. 2, and 22. 5R1. 1),
- Ivanti Policy Secure (version 22. 5R1. 1),
- ZTA (version 22. 6R1. 3).
The company has already released updates to fix the flaw:
- Connect Secure версий 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, и 22.6R2.2;
- Policy Secure versions 9. 1R17. 3, 9. 1R18. 4, and 22. 5R1. 2;
- ZTA versions 22. 5R1. 6, 22. 6R1. 5, and 22. 6R1. 7.
Ivanti emphasizes that at the moment there is no data on the active use of the vulnerability, however, given the widespread use of vulnerabilities patched in early February, the company strongly recommends that users apply the latest fixes as soon as possible.
