Executive Summary
Ivanti has recently disclosed a new high-severity vulnerability, CVE-2024-22024, that affects Ivanti Connect Secure, Policy Secure, and ZTA Gateways.
This vulnerability, with a CVSS score of 8.3, was disclosed following the exploitation of several other vulnerabilities in Ivanti products.
While there is currently no evidence of CVE-2024-22024 being exploited, it is crucial to apply patches immediately because other Ivanti vulnerabilities are being actively exploited. Please refer to our recent news article for an overview of the recent critical Ivanti vulnerabilities and exploits.
About CVE-2024-22024
CVE-2024-22024 poses a significant risk to users, enabling unauthorized access to restricted resources without authentication.
Ivanti identified this XML External Entity (XXE) vulnerability, with a CVSS score of 8.3, during internal reviews. The affected versions range from Ivanti Connect Secure 9.1R14.4 to 22.5R1.1, Ivanti Policy Secure 22.5R1.1, and ZTA 22.6R1.3, and users are urged to apply patches promptly.
Ivanti’s Recommendations
In response to CVE-2024-22024, Ivanti advises immediate patching across all affected versions, emphasizing proactive measures to mitigate potential risks.
Despite the absence of known exploits, users are urged to prioritize security by staying informed about updates from Ivanti and security analysts. Please refer to Ivanti’s advisory for more information.
Ivanti’s Security Crisis
CVE-2024-22024 adds to a series of Ivanti security flaws. Previous vulnerabilities have sparked widespread exploitation attempts, which is particularly concerning given Ivanti’s prominent use in government sectors. As a result, CISA instructed all US government agencies to disconnect Ivanti Connect Secure and Policy Secure VPN appliances by February 2, 2024.
While Ivanti has been releasing mitigations and patches, questions linger regarding the resilience of its products, underscoring the importance of proactive security measures in today’s threat landscape.
Furthermore, cybersecurity expert Kevin Beaumont raised concerns about the outdated software used in Ivanti products. He described the products as “built on old versions of a discontinued tool with components from a decade ago.” This observation underscores the supply chain risk, where weaknesses in third-party components can compromise the entire system’s security.