Developers urge immediate patching of new vulnerabilities in Ivanti products

Ivanti has disclosed a new authentication bypass vulnerability affecting Connect Secure, Policy Secure, and ZTA gateways. The developers strongly recommend that administrators immediately install patches on their devices.

The vulnerability, identified as CVE-2024-22024, is an XXE (XML eXternal Entities) flaw in the SAML component of the gateways. It allows remote attackers to access restricted resources on unpatched devices. Exploitation requires neither user interaction nor authentication.

Ivanti developers emphasize that there are no confirmed cases of customers being attacked via CVE-2024-22024. They nevertheless urge customers to take protective measures, and note that the vulnerability was discovered during an internal review.

Shadowserver currently tracks more than 20,000 Connect Secure VPN gateways exposed to the Internet, over 6,000 of them in the United States.

CVE-2024-22024 is just one of many issues identified in Ivanti products over the past few weeks. Since December 2023, Ivanti VPN devices have been under attack through an authentication bypass (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887).

Another 0-day already being actively exploited by attackers is CVE-2024-21893, a server-side request forgery (SSRF) vulnerability in the SAML component. This issue was discovered in early February 2024.

Previously, Ivanti recommended that its customers reset all vulnerable devices to factory settings before installing patches, to prevent attackers from gaining a foothold in the network between updates.
