Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.
The flaw (CVE-2024-22024) is due to an XXE (XML eXternal Entities) weakness in the gateways' SAML component that lets remote attackers gain access to restricted resources on unpatched appliances in low-complexity attacks without requiring user interaction or authentication.
"We have no evidence of any customers being exploited by CVE-2024-22024. However, it is critical that you immediately take action to ensure you are fully protected," Ivanti said.
[...]
Ivanti: Patch new Connect Secure auth bypass bug immediately
Ivanti: Patch new Connect Secure auth bypass bug immediately
-
rbc
- President
- Posts: 285
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Ivanti: Patch new Connect Secure auth bypass bug immediately
Robert B. Carleton + ISC2 Central Mississippi President