mickmick.net

Ivanti Products Security Restriction Bypass Vulnerability

Release Date: 9 Feb 2024

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in Ivanti Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

---

Impact

• Security Restriction Bypass

---

System / Technologies affected

• Ivanti Connect Secure version 9.1R14.4
• Ivanti Connect Secure version 9.1R17.2
• Ivanti Connect Secure version 9.1R18.3
• Ivanti Connect Secure version 22.4R2.2
• Ivanti Connect Secure version 22.5R1.1
• Ivanti Policy Secure version 22.5R1.1
• ZTA version 22.6R1.3

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

---

Vulnerability Identifier

• CVE-2024-22024

---

Source

• Ivanti

---

Related Link

• https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US