Ivanti has alerted customers of another high-risk vulnerability in Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.
The case, as follows CVE-2024-22024Rated 8.3 out of 10 in the CVSS scoring system.
“An external Authentication of the company He said In consultation.
The company said it discovered the flaw during an internal review as part of its ongoing investigation into multiple security vulnerabilities in products that have come to light since the beginning of the year, including CVE-2023-46805, CVE-2024-21887, and CVE. -2024-21888, and CVE-2024-21893.
CVE-2024-22024 affects the following versions of products –
- Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1)
- Ivanti Secure Policy (Version 22.5R1.1)
- ZTA (version 22.6R1.3)
Bug fixes are available in Connect Secure versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, and 22.6R2.2; Policy Secure versions 9.1R17.3, 9.1R18.4, and 22.5R1.2; and ZTA versions 22.5R1.6, 22.6R1.5 and 22.6R1.7.
Ivanti said there is no evidence of active exploitation of the flaw, but with CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 subject to widespread abuse, it is imperative that users move quickly to apply the latest fixes.
“Extreme travel lover. Bacon fanatic. Troublemaker. Introvert. Passionate music fanatic.”
More Stories
New audit firm hired by Trump Media busted by SEC for 'massive fraud'
Have the wheels come off for Tesla?
The popular mall retailer is closing all stores nationwide