CISA: Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways

January 10, 2024

cisa logo 002

Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
 
Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.
 
CISA urges users and administrators to immediately review Ivanti’s security update and apply the current workaround. CISA will update this alert as Ivanti releases patches.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

You may have missed

security

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

November 8, 2024
windows malware

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

November 8, 2024
hkcert

Android Multiple Vulnerabilities

November 8, 2024
image 1

CVE Alert: CVE-2024-48290

November 8, 2024
image 1

CVE Alert: CVE-2024-51994

November 8, 2024