Ivanti security advisory (AV24-075)

Serial number: AV24-075
Date: February 9, 2024

On February 8, 2024, Ivanti published a security advisory to address a vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following products:

• Ivanti Connect Secure (ICS) gateway – versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, and 22.5R2.2
• Ivanti Policy Secure (ICS) gateway – version 22.5R1.1
• ZTA gateway – versions 22.6R1.3

Exploitation of these vulnerabilities could allow for authentication AuthenticationA process or measure used to verify a users identity. bypass.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates once available.

• Ivanti Security Advisory - CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
• Ivanti Security Advisories