Ivanti security advisory (AV24-058)

Serial number: AV24-058
Date: January 31, 2024

On January 31, 2024, Ivanti published a security advisory to address vulnerabilities in the following products:

  • Ivanti Connect Secure (ICS) gateway – versions 9.x and 22.x
  • Ivanti Policy Secure (ICS) gateway – versions 9.x and 22.x
  • ZTA – version 22.x

Exploitation of these vulnerabilities could allow for privilege escalation and server-side request forgery (SSRF).

Ivanti has indicated that CVE-2024-21893 have been actively exploited.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates once available.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: