Exploitation of Another Ivanti VPN Vulnerability Observed

Posted: Mon Feb 12, 2024 11:19 am
by rbc
Exploitation of a recently disclosed XML external entity (XXE) vulnerability impacting Ivanti enterprise VPN and network access products has commenced, multiple security researchers warned over the weekend.

Affecting the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateway appliances and tracked as CVE-2024-22024 (CVSS score of 8.3), the issue can be exploited to access certain restricted resources without authentication.

Last week, Ivanti announced that patches for the bug were released for Connect Secure versions 9.x and 22.x, Policy Secure versions 9.x and 22.x, and ZTA gateway versions 22.x.
[...]