- 49/2024
- Critical
Ivanti has released security updates to a zero-day vulnerability across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA products.
The addressed vulnerability could allow the remote attacker to gain access to restricted resources on unpatched appliances in low-complexity attacks without requiring user interaction or authentication to the affected systems.
The addressed vulnerability:
Ivanti Connect Secure, Policy Secure and ZTA gateways information disclosure (CVE-2024-22024):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
It should be highlighted that those who implemented the patch issued on January 31 or February 1 and conducted a factory reset for their appliance are not required to perform another factory reset.
Vulnerabilities
CVE-2024-22024
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.