New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways

February 09, 2024NewsroomVulnerability / Zero Day

Weakness of Ivanti

Ivanti is alerting customers to another serious security flaw in Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.

The issue, tracked as CVE-2024-22024rated 8.3 out of 10 on the CVSS scoring system.

“An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways that allows an attacker to access to some restricted resources without authentication,” the company said SAYS in an advisory.

The company said it found the flaw during an internal review as part of an ongoing investigation into several security vulnerabilities in its products that have come to light since the start of the year, including CVE-2023-46805, CVE- 2024-21887, CVE-2024-21888, and CVE-2024-21893.

Cybersecurity

CVE-2024-22024 affects the following versions of products –

  • Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, and 22.5R1.1)
  • Ivanti Policy Secure (version 22.5R1.1)
  • ZTA (version 22.6R1.3)

Patches for the bug are available in Connect Secure versions 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3, and 22.6R2.2; Policy Secure versions 9.1R17.3, 9.1R18.4, and 22.5R1.2; and ZTA versions 22.5R1.6, 22.6R1.5, and 22.6R1.7.

Ivanti says there is no evidence of active exploitation of the flaw, but with CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 subject to widespread abuse, users should take action immediately to apply the latest fixes.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment