July 14, 2024

TechNewsInsight

Technology/Tech News – Get all the latest news on Technology, Gadgets with reviews, prices, features, highlights and specificatio

The new Ivanti Auth Bypass flaw affects secure communication and ZTA gateways

The new Ivanti Auth Bypass flaw affects secure communication and ZTA gateways

09 February 2024newsroomWeakness/zero day

Ivanti has alerted customers of another high-risk vulnerability in Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.

The case, as follows CVE-2024-22024Rated 8.3 out of 10 in the CVSS scoring system.

“An external Authentication of the company He said In consultation.

The company said it discovered the flaw during an internal review as part of its ongoing investigation into multiple security vulnerabilities in products that have come to light since the beginning of the year, including CVE-2023-46805, CVE-2024-21887, and CVE. -2024-21888, and CVE-2024-21893.

Cyber ​​security

CVE-2024-22024 affects the following versions of products –

  • Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1)
  • Ivanti Secure Policy (Version 22.5R1.1)
  • ZTA (version 22.6R1.3)

Bug fixes are available in Connect Secure versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, and 22.6R2.2; Policy Secure versions 9.1R17.3, 9.1R18.4, and 22.5R1.2; and ZTA versions 22.5R1.6, 22.6R1.5 and 22.6R1.7.

Ivanti said there is no evidence of active exploitation of the flaw, but with CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 subject to widespread abuse, it is imperative that users move quickly to apply the latest fixes.

Found this article interesting? Follow us Twitter And LinkedIn To read more of the exclusive content we publish.

See also  The mid-range Chevy Colorado makes the ZR2 a powerhouse with just a tune