- Ivanti patches four bugs found in Connect Secure, Policy Secure, and Cloud Services Applications
- All four could be used in RCE attacks
- Patches are available, and users are advised to apply them ASAP
Ivanti has released patches for four critical-severity vulnerabilities discovered in a number of its products.
The vulnerabilities are tracked as CVE-2024-38657, CVE-2025-22467, CVE-2024-10644, and CVE-2024-47908. All of these were given a severity score of 9.1/10 (critical). Different bugs impact different solutions, including Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Applications (CSA).
Since they can be used for highly disruptive cyberattacks, users are advised to apply the patches without hesitation – and a security advisory containing more details about the above-mentioned flaws can be found on this link.
Stepping stones
All of the bugs can be used to execute arbitrary code, remotely. The first clean versions are Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3, and Ivanti CSA 5.0.5, and users are advised to upgrade to these versions straight away.
Ivanti said there is no evidence of in-the-wild abuse. However, the company’s products are quite popular in both enterprises and small and medium businesses (SMB), and as such are often targeted and used as an initial entry point.
“While these products are not the ultimate target, they are increasingly the route that well-resourced nation state groups are focusing their effort on to attempt espionage campaigns against extremely high-value organizations,” Daniel Spicer, Ivanti CSO, said.
“We have enhanced internal scanning, manual exploitation and testing capabilities, increased collaboration and information sharing with the security ecosystem, and further enhanced our responsible disclosure process, including becoming a CVE Numbering Authority.”
In late January 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) added four Ivanti vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, suggesting they were being abused in the wild. The bugs, found in Ivanti Cloud Service Appliance (CSA) and patched in September and October 2024, are being used in two attack chains to gain initial access, conduct RCE, obtain credentials, and impact webshells.
Via The Hacker News
Leave a comment