
Flash Alert – Further vulnerabilities reported in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA

Two new vulnerabilities have been disclosed by Ivanti, relating to their Connect Secure, Policy Secure and Neurons for ZTA products and services.

Ivanti Connect Secure & Ivanti Policy Secure

CVE-2024-21888

CVSS: 8.8 HIGH

Ivanti has disclosed a further vulnerability affecting their Connect Secure and Policy Secure solutions. Impacting all currently supported versions (9.x and 22.x), the vulnerability allows a user (malicious or otherwise) to elevate their current privileges to those of an administrator.

Ivanti Connect Secure, Ivanti Policy Secure & Ivanti Neurons for ZTA

CVE-2024-21893

CVSS: 8.2 HIGH

A server-side vulnerability exists in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure & Ivanti Neurons for ZTA.  When exploited, a threat actor could access certain restricted resources without needing to authenticate.

While no threat actor use of CVE-2024-21888 has yet been discovered, there has been limited, targeted use of CVE-2024-21893. Following the disclosure of these vulnerabilities, exploitation of impacted services is expected to increase. It is therefore vital that the affected services are fully patched and updated to mitigate any risks.

The release of these vulnerabilities follows Ivanti’s research into vulnerabilities disclosed earlier in the month, CVE-2023-46805 and CVE-2024-21887 (previously reported here). Given the volume of vulnerabilities coming from Ivanti at this time, it is expected that threat actors will put an increased focus on identifying further vulnerabilities in order to exploit vulnerable users.
