Ivanti Products Security Restriction Bypass Vulnerability

Last Update Date: 16 Feb 2024 Release Date: 9 Feb 2024 2828 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in Ivanti Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

Note:

Proof of Concept exploit code is publicly available for CVE-2024-22024.

Impact

Security Restriction Bypass

System / Technologies affected

Ivanti Connect Secure version 9.1R14.4
Ivanti Connect Secure version 9.1R17.2
Ivanti Connect Secure version 9.1R18.3
Ivanti Connect Secure version 22.4R2.2
Ivanti Connect Secure version 22.5R1.1
Ivanti Policy Secure version 22.5R1.1
ZTA version 22.6R1.3

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

Vulnerability Identifier

CVE-2024-22024

Source

Ivanti