Ivanti has released security updates to address multiple security flaws affecting Connect Secure (ICS), Policy Secure (IPS), and Cloud Service Applications (CSA).
The list of vulnerabilities is below:
CVE-2024-38657 (CVSS score: 9.1) – External control of filenames for IVANTI Connect Secure before version 22.7R2.4 and IVANTI policy is safe before version 22.7R1.3. CVE-2025-22467 (CVSS score: 9.9) – Using stack-based buffer overflow for IVANTI Connect Secure before version 22.7R2.6, remote authentication attackers will cause remote code execution CVE-2024-10644 (CVSS score: 9.1) can be realized. Code injection in Ivanti Connect protects secure before version 22.7R2.4 and IVANTI policies, and is protected before version 22.7R1.3. Injection in the Ivanti CSA administrator web console before version 5.0.5 allows remote authentication attackers with administrative rights to achieve remote code execution
The drawbacks are addressed in the following versions –
Ivanti Connect Secure 22.7R2.6 Ivanti Policy Secure 22.7R1.3 Ivanti CSA 5.0.5
The company said it is unaware of any of the defects being exploited in the wild. However, as Ivanti appliances are repeatedly weaponized by malicious actors, it is essential that users take steps to apply the latest patches.
Ivanti also said that its edge products are “targeted and exploited by sophisticated threat actor attacks,” and that its software has been improved, implementing principles of safe design, and for potential abuse by the enemy. He admitted that he was making an effort to raise the stick.
“These products aren’t the ultimate targets, but they are increasingly a route that focuses their efforts on spying on highly valued organizations,” Ivanti Cso Daniel Spicer said. said.
“We have further strengthened internal scanning, manual leveraging and testing capabilities, increased collaboration and information sharing with the security ecosystem, and further strengthened our responsible disclosure process, including becoming authorized for CVE numbers. .”
This development comes when Bishop Fox released the full technical details of the currently patched security flaws of Sonic Wall Sonicos (CVE-2024-53704). access.
As of February 7, 2025, nearly 4,500 SonicWall SSL VPN servers for the Internet remain unpublished for CVE-2024-53704.
In a similar move, Akamai announced the discovery of two vulnerabilities in Fortinet Fortios (CVE-2024-46666 and CVE-2024-46668). The defect was resolved by Fortinet on January 14, 2025.
Fortinet has revised the advisory for CVE-2024-55591, highlighting another flaw tracked as CVE-2025-24472 (CVSS score: 8.1), and via specially crafted CSF proxy requests This can lead to authentication bypassing the device.
The company evaluated Watchtowr Labs researcher Sonny MacDonald as having discovered and reported the defect. The vulnerability means that it has already been patched along with CVE-2024-55591. This means that if the latter fix has already been applied, no customer action is required.
Source link
