Exploitation of Another Ivanti VPN Vulnerability Observed

Industry news
Post Reply
rbc
President
Posts: 235
Joined: Mon Oct 30, 2023 1:32 am
Location: Vicksburg, MS
ISC2 Member Status: Yes
Contact:

Exploitation of Another Ivanti VPN Vulnerability Observed

Post by rbc »

Exploitation of a recently disclosed XML external entity (XXE) vulnerability impacting Ivanti enterprise VPN and network access products has commenced, multiple security researchers warned over the weekend.

Affecting the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateway appliances and tracked as CVE-2024-22024 (CVSS score of 8.3), the issue can be exploited to access certain restricted resources without authentication.

Last week, Ivanti announced that patches for the bug were released for Connect Secure versions 9.x and 22.x, Policy Secure versions 9.x and 22.x, and ZTA gateways versions 22.x.
[...]
Exploitation of Another Ivanti VPN Vulnerability Observed
Robert B. Carleton + ISC2 Central Mississippi President
Post Reply