Security News > 2024 > February > Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
Starting with CVE-2024-22024, the issue is an XXE vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateways that allowsunauthorized access to restricted resources.
Threat monitoring service Shadowserver reports that its internet scans show more than 3,900 Ivanti endpoints vulnerable to CVE-2024-22024.
The organization saw roughly 1,000 Ivanti endpoints that are still vulnerable to CVE-2024-21887, a flaw that lets authenticated admins execute arbitrary commands on vulnerable appliances by sending specially crafted requests.
The flaws affecting Ivanti products were disclosed over a short period, giving administrator little time to prepare for applying the patches.
Ivanti Connect Secure zero-days exploited to deploy custom malware.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-22024 | XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | 8.3 |
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |