- Ivanti Corrects Four Bogues found in Connect Secure, Policy Secure and Cloud Applications
- The four could be used in RCE attacks
- Correctives are available and users are advised to apply them as soon as possible
Ivanti has published fixes for four vulnerabilities of critical severity discovered in a number of its products.
Vulnerabilities are followed under the name of CVE-2024-38657, CVE-2025-22467, CVE-2024-10644 and CVE-2024-47908. All these elements received a 9.1 / 10 (critical) gravity score. Different bugs have an impact on different solutions, including Connect Secure (ICS), Policy Secure (IPS) and Cloud Services Applications (CSA).
Since they can be used for very disturbing cyber attacks, users are advised to apply the fixes without hesitation – and a security notice containing more details on the above defects can be found on this link.
Springboard
All bugs can be used to execute arbitrary code remotely. The first clean versions are Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3 and Ivanti CSA 5.0.5, and users are invited to immediately pass to these versions.
Ivanti said there is no evidence of abuse in the will. However, company products are very popular in companies and small and medium -sized enterprises (SMB), and as such are often targeted and used as an initial entry point.
“Although these products are not the ultimate objective, they are increasingly the way that well-resourked state groups concentrate their efforts to try spying campaigns against extremely high value organizations”, said Daniel Spicer, Ivanti CSO.
“We have improved internal digitization, manual exploitation and test capacities, increased collaboration and information sharing with the security ecosystem and improved our responsible disclosure process, in particular to become a CVE numbering authority. “”
At the end of January 2025, the American cybersecurity and infrastructure (CISA) agency added four vulnerabilities of Ivanti to its known vulnerabilities (KEV), suggesting that they were ill -treated in nature. The bugs, found in Ivanti Cloud Service Appliance (CSA) and corrected in September and October 2024, are used in two attack chains to obtain initial access, perform a RCE, obtain identification information and have an impact on Webshells.
Via The Hacker News
