Brief

Summary:

Ivanti has released a security update to address two critical vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Connect Secure and Policy Secure gateways. The vulnerabilities could allow an attacker to bypass authentication and inject commands, potentially leading to full system control. CISA urges immediate patching and has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch agencies to remediate by a specified due date.

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
 
Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.
 
CISA urges users and administrators to immediately apply the current workaround in Ivanti’s security update and review Volexity’s blog on these vulnerabilities. Note: CISA has added CVE-2023-46805 and CVE-2024-21887 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

CISA will update this alert as Ivanti releases patches.

Summary: Ivanti Security Update for Connect Secure and Policy Secure Gateways

Ivanti has released a security update to address two critical vulnerabilities in its Connect Secure and Policy Secure gateways: an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887). These vulnerabilities affect all supported versions (9.x and 22.x) of the gateways and, if exploited, could grant a cyber threat actor control over an affected system.

Ivanti reports active exploitation of both vulnerabilities, emphasizing the need for immediate action. The US Cybersecurity and Infrastructure Security Agency (CISA) has added both CVEs to its Known Exploited Vulnerabilities Catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate the identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

To mitigate the risk, CISA urges users and administrators to:

1. Apply the current workaround in Ivanti’s security update as soon as possible.
2. Review Volexity’s blog on these vulnerabilities for additional information and guidance.

CISA will update this alert as Ivanti releases patches. It is essential for organizations using Ivanti Connect Secure and Policy Secure gateways to take immediate action and ensure the security of their networks.

Key Takeaways:

1. Two critical vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure and Policy Secure gateways require urgent attention.
2. Active exploitation of both vulnerabilities has been reported.
3. CISA has added both CVEs to its Known Exploited Vulnerabilities Catalog, requiring FCEB agencies to remediate by the specified due date.
4. Apply the current workaround and review Volexity’s blog for additional information.
5. CISA will update this alert as Ivanti releases patches.

Recommendation:

Organizations using Ivanti Connect Secure and Policy Secure gateways should prioritize the implementation of the security update and apply the workaround as soon as possible to minimize the risk of exploitation.

Cybersecurity and Infrastructure Security Agency
